Message-Id: <20190624092323.522420091@linuxfoundation.org>
Date: Mon, 24 Jun 2019 17:56:27 +0800
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Eric Biggers <ebiggers@...gle.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Sasha Levin <sashal@...nel.org>
Subject: [PATCH 5.1 055/121] crypto: hmac - fix memory leak in hmac_init_tfm()

[ Upstream commit 7829a0c1cb9c80debfb4fdb49b4d90019f2ea1ac ]

When I added the sanity check of 'descsize', I missed that the child
hash tfm needs to be freed if the sanity check fails. Of course this
should never happen, hence the use of WARN_ON(), but it should be fixed.

Fixes: e1354400b25d ("crypto: hash - fix incorrect HASH_MAX_DESCSIZE")
Signed-off-by: Eric Biggers <ebiggers@...gle.com>
Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
crypto/hmac.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 4b8c8ee8f15c..c623778b36ba 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -168,8 +168,10 @@ static int hmac_init_tfm(struct crypto_tfm *tfm)
parent->descsize = sizeof(struct shash_desc) +
crypto_shash_descsize(hash);
- if (WARN_ON(parent->descsize > HASH_MAX_DESCSIZE))
+ if (WARN_ON(parent->descsize > HASH_MAX_DESCSIZE)) {
+ crypto_free_shash(hash);
return -EINVAL;
+ }
ctx->hash = hash;
return 0;
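
Review bot: In the new error branch under WARN_ON(), crypto_free_shash(hash) releases the child hash, but parent->descsize has already been assigned the oversized value two lines above and stays set when -EINVAL is returned. Consider computing the size into a local, checking it against HASH_MAX_DESCSIZE, and only then storing it in parent->descsize next to ctx->hash = hash, so a failed init leaves no partially updated state behind. If further checks are ever added after this one, a single goto-based cleanup label would keep the free in one place instead of repeating it in each branch.
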
--
2.20.1