lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210812102954.GA5569@gondor.apana.org.au>
Date:   Thu, 12 Aug 2021 18:29:54 +0800
From:   Herbert Xu <herbert@...dor.apana.org.au>
To:     Dongliang Mu <mudongliangabcd@...il.com>
Cc:     Corentin Labbe <clabbe.montjoie@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        Maxime Ripard <mripard@...nel.org>,
        Chen-Yu Tsai <wens@...e.org>,
        Jernej Skrabec <jernej.skrabec@...il.com>,
        Eric Biggers <ebiggers@...gle.com>,
        Xiang Chen <chenxiang66@...ilicon.com>,
        Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
        Corentin Labbe <clabbe@...libre.com>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Ard Biesheuvel <ardb@...nel.org>, linux-crypto@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, linux-sunxi@...ts.linux.dev,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] crypto: sun8i-ce: fix multiple memory leaks in
 sun8i_ce_hash_run

On Thu, Aug 12, 2021 at 06:24:25PM +0800, Dongliang Mu wrote:
> On Thu, Aug 12, 2021 at 6:05 PM Herbert Xu <herbert@...dor.apana.org.au> wrote:
> >
> > On Tue, Aug 03, 2021 at 02:31:38PM +0800, Dongliang Mu wrote:
> > >
> > > -theend:
> > > -     kfree(buf);
> > > +err_result:
> > >       kfree(result);
> > > -     crypto_finalize_hash_request(engine, breq, err);
> > > +err_buf:
> > > +     kfree(buf);
> > > +out:
> > > +     if (!err)
> > > +             crypto_finalize_hash_request(engine, breq, err);
> > >       return 0;
> >
> > This does not look right.  You're returning zero in case of an error
> 
> Hi Herbert,
> 
> Corentin Labbe said,
> 
> For the error code, I am not sure it is needed, error code is already
> given to user via crypto_finalize_hash_request().

Yes but your patch changes this.  You're now skipping the finalize
call and thus throwing away err if it's not zero.

If it's supposed to do this you need to explain it in your patch
submission.

Cheers,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ