| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Oct 2013 18:11:02 -0700
From: Tyler Hicks <tyhicks@...onical.com>
To: "Geyslan G. Bem" <geyslan@...il.com>
Cc: ecryptfs@...r.kernel.org, linux-kernel@...r.kernel.org,
joe@...ches.com, kernel-br@...glegroups.com
Subject: Re: [PATCH] ecryptfs: Fix memory leakage in keystore.c
On 2013-10-11 16:49:16, Geyslan G. Bem wrote:
> In 'decrypt_pki_encrypted_session_key' function:
>
> Initializes 'payload' pointer and releases it on exit.
>
> Signed-off-by: Geyslan G. Bem <geyslan@...il.com>
> ---
Thanks! This one was easy to verify by auditing the code, but I was also
able to verify the leak with kmemleak.
I've targeted it for stable and pushed it to the eCryptfs next branch.
Tyler
> fs/ecryptfs/keystore.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
> index 7d52806..4725a07 100644
> --- a/fs/ecryptfs/keystore.c
> +++ b/fs/ecryptfs/keystore.c
> @@ -1149,7 +1149,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
> struct ecryptfs_msg_ctx *msg_ctx;
> struct ecryptfs_message *msg = NULL;
> char *auth_tok_sig;
> - char *payload;
> + char *payload = NULL;
> size_t payload_len = 0;
> int rc;
>
> @@ -1203,6 +1203,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
> }
> out:
> kfree(msg);
> + kfree(payload);
> return rc;
> }
>
> --
> 1.8.4
>
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists