| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Sep 2020 00:20:59 +0800
From: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
To: Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
David Howells <dhowells@...hat.com>,
Eric Biggers <ebiggers@...gle.com>,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
Maxime Coquelin <mcoquelin.stm32@...il.com>,
Alexandre Torgue <alexandre.torgue@...com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Stephan Mueller <smueller@...onox.de>,
Marcelo Henrique Cerri <marcelo.cerri@...onical.com>,
"Steven Rostedt (VMware)" <rostedt@...dmis.org>,
Masahiro Yamada <masahiroy@...nel.org>,
Brendan Higgins <brendanhiggins@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Johannes Weiner <hannes@...xchg.org>,
Waiman Long <longman@...hat.com>,
Mimi Zohar <zohar@...ux.ibm.com>,
Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>,
Colin Ian King <colin.king@...onical.com>,
Tushar Sugandhi <tusharsu@...ux.microsoft.com>,
Vitaly Chikunov <vt@...linux.org>,
"Gilad Ben-Yossef" <gilad@...yossef.com>,
Pascal van Leeuwen <pvanleeuwen@...bus.com>,
linux-crypto@...r.kernel.org, keyrings@...r.kernel.org,
linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-stm32@...md-mailman.stormreply.com,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Cc: Xufeng Zhang <yunbo.xufeng@...ux.alibaba.com>,
Jia Zhang <zhang.jia@...ux.alibaba.com>,
Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
Subject: [PATCH v7 06/10] crypto: testmgr - Fix potential memory leak in test_akcipher_one()
When the 'key' allocation fails, the 'req' will not be released,
which will cause memory leakage on this path. This patch adds a
'free_req' tag used to solve this problem, and two new err values
are added to reflect the real reason of the error.
Signed-off-by: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
---
crypto/testmgr.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index cd002a030af5..ed8e29efe280 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -3954,7 +3954,7 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,
key = kmalloc(vecs->key_len + sizeof(u32) * 2 + vecs->param_len,
GFP_KERNEL);
if (!key)
- goto free_xbuf;
+ goto free_req;
memcpy(key, vecs->key, vecs->key_len);
ptr = key + vecs->key_len;
ptr = test_pack_u32(ptr, vecs->algo);
@@ -3966,7 +3966,7 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,
else
err = crypto_akcipher_set_priv_key(tfm, key, vecs->key_len);
if (err)
- goto free_req;
+ goto free_key;
/*
* First run test which do not require a private key, such as
@@ -3976,7 +3976,7 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,
out_len_max = crypto_akcipher_maxsize(tfm);
outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
if (!outbuf_enc)
- goto free_req;
+ goto free_key;
if (!vecs->siggen_sigver_test) {
m = vecs->m;
@@ -3995,6 +3995,7 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,
op = "verify";
}
+ err = -E2BIG;
if (WARN_ON(m_size > PAGE_SIZE))
goto free_all;
memcpy(xbuf[0], m, m_size);
@@ -4061,6 +4062,7 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,
c_size = req->dst_len;
}
+ err = -E2BIG;
op = vecs->siggen_sigver_test ? "sign" : "decrypt";
if (WARN_ON(c_size > PAGE_SIZE))
goto free_all;
@@ -4097,9 +4099,10 @@ static int test_akcipher_one(struct crypto_akcipher *tfm,
free_all:
kfree(outbuf_dec);
kfree(outbuf_enc);
+free_key:
+ kfree(key);
free_req:
akcipher_request_free(req);
- kfree(key);
free_xbuf:
testmgr_free_buf(xbuf);
return err;
--
2.19.1.3.ge56e4f7
Powered by blists - more mailing lists