lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 18 May 2021 19:40:30 +0800
From:   hongbo li <herbert.tencent@...il.com>
To:     Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
Cc:     "open list:ASYMMETRIC KEYS" <keyrings@...r.kernel.org>,
        linux-crypto@...r.kernel.org,
        Herbert Xu <herbert@...dor.apana.org.au>,
        David Howells <dhowells@...hat.com>, jarkko@...nel.org,
        herberthbli@...cent.com, stable@...r.kernel.org,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/7] crypto: fix a memory leak in sm2

Tianjia Zhang <tianjia.zhang@...ux.alibaba.com> 于2021年5月14日周五 下午12:52写道:
>
> Hi Hongbo,
>
> On 5/12/21 10:04 PM, Hongbo Li wrote:
> > From: Hongbo Li <herberthbli@...cent.com>
> >
> > SM2 module alloc ec->Q in sm2_set_pub_key(), when doing alg test in
> > test_akcipher_one(), it will set public key for every test vector,
> > and don't free ec->Q. This will cause a memory leak.
> >
> > This patch alloc ec->Q in sm2_ec_ctx_init().
> >
> > Signed-off-by: Hongbo Li <herberthbli@...cent.com>
> > ---
> >   crypto/sm2.c | 24 ++++++++++--------------
> >   1 file changed, 10 insertions(+), 14 deletions(-)
> >
> > diff --git a/crypto/sm2.c b/crypto/sm2.c
> > index b21addc..db8a4a2 100644
> > --- a/crypto/sm2.c
> > +++ b/crypto/sm2.c
> > @@ -79,10 +79,17 @@ static int sm2_ec_ctx_init(struct mpi_ec_ctx *ec)
> >               goto free;
> >
> >       rc = -ENOMEM;
> > +
> > +     ec->Q = mpi_point_new(0);
> > +     if (!ec->Q)
> > +             goto free;
> > +
> >       /* mpi_ec_setup_elliptic_curve */
> >       ec->G = mpi_point_new(0);
> > -     if (!ec->G)
> > +     if (!ec->G) {
> > +             mpi_point_release(ec->Q);
> >               goto free;
> > +     }
> >
> >       mpi_set(ec->G->x, x);
> >       mpi_set(ec->G->y, y);
> > @@ -91,6 +98,7 @@ static int sm2_ec_ctx_init(struct mpi_ec_ctx *ec)
> >       rc = -EINVAL;
> >       ec->n = mpi_scanval(ecp->n);
> >       if (!ec->n) {
> > +             mpi_point_release(ec->Q);
> >               mpi_point_release(ec->G);
> >               goto free;
> >       }
> > @@ -386,27 +394,15 @@ static int sm2_set_pub_key(struct crypto_akcipher *tfm,
> >       MPI a;
> >       int rc;
> >
> > -     ec->Q = mpi_point_new(0);
> > -     if (!ec->Q)
> > -             return -ENOMEM;
> > -
> >       /* include the uncompressed flag '0x04' */
> > -     rc = -ENOMEM;
> >       a = mpi_read_raw_data(key, keylen);
> >       if (!a)
> > -             goto error;
> > +             return -ENOMEM;
> >
> >       mpi_normalize(a);
> >       rc = sm2_ecc_os2ec(ec->Q, a);
> >       mpi_free(a);
> > -     if (rc)
> > -             goto error;
> > -
> > -     return 0;
> >
> > -error:
> > -     mpi_point_release(ec->Q);
> > -     ec->Q = NULL;
> >       return rc;
> >   }
> >
> >
>
> Thanks a lot for fixing this issue.
>
> Reviewed-by: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
>
> Also added:
>
> Cc: stable@...r.kernel.org # v5.10+
>
> Best regards,
> Tianjia

Thank you for your review!
Regards,
Hongbo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ