| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251106084851.639-1-vulab@iscas.ac.cn>
Date: Thu, 6 Nov 2025 16:48:50 +0800
From: Haotian Zhang <vulab@...as.ac.cn>
To: nhorman@...driver.com,
herbert@...dor.apana.org.au,
davem@...emloft.net
Cc: linux-crypto@...r.kernel.org,
linux-kernel@...r.kernel.org,
Haotian Zhang <vulab@...as.ac.cn>
Subject: [PATCH] crypto: ansi_cprng: fix cipher leak in cprng_init error path
In the commit referenced by the Fixes tag, crypto_alloc_cipher()
was moved from reset_prng_context() to cprng_init(). However,
this approach does not account for the error path: when
reset_prng_context() fails, crypto_free_cipher() is never called,
resulting in a resource leak.
Free the allocated cipher before returning on reset_prng_context()
failure.
Fixes: fd09d7facb7c ("crypto: ansi_prng - alloc cipher just in init")
Signed-off-by: Haotian Zhang <vulab@...as.ac.cn>
---
crypto/ansi_cprng.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
index 153523ce6076..6cf505bcf794 100644
--- a/crypto/ansi_cprng.c
+++ b/crypto/ansi_cprng.c
@@ -329,8 +329,10 @@ static int cprng_init(struct crypto_tfm *tfm)
return PTR_ERR(ctx->tfm);
}
- if (reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL) < 0)
+ if (reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL) < 0) {
+ crypto_free_cipher(ctx->tfm);
return -EINVAL;
+ }
/*
* after allocation, we should always force the user to reset
--
2.50.1.windows.1
Powered by blists - more mailing lists