[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200416131346.958192326@linuxfoundation.org>
Date: Thu, 16 Apr 2020 15:24:12 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Dan Carpenter <dan.carpenter@...cle.com>,
Neil Horman <nhorman@...driver.com>,
Herbert Xu <herbert@...dor.apana.org.au>
Subject: [PATCH 5.6 163/254] crypto: rng - Fix a refcounting bug in crypto_rng_reset()
From: Dan Carpenter <dan.carpenter@...cle.com>
commit eed74b3eba9eda36d155c11a12b2b4b50c67c1d8 upstream.
We need to decrement this refcounter on these error paths.
Fixes: f7d76e05d058 ("crypto: user - fix use_after_free of struct xxx_request")
Cc: <stable@...r.kernel.org>
Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
Acked-by: Neil Horman <nhorman@...driver.com>
Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
crypto/rng.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -37,12 +37,16 @@ int crypto_rng_reset(struct crypto_rng *
crypto_stats_get(alg);
if (!seed && slen) {
buf = kmalloc(slen, GFP_KERNEL);
- if (!buf)
+ if (!buf) {
+ crypto_alg_put(alg);
return -ENOMEM;
+ }
err = get_random_bytes_wait(buf, slen);
- if (err)
+ if (err) {
+ crypto_alg_put(alg);
goto out;
+ }
seed = buf;
}
Powered by blists - more mailing lists