| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191122222636.GA21689@breakpoint.cc>
Date: Fri, 22 Nov 2019 23:26:36 +0100
From: Florian Westphal <fw@...len.de>
To: Navid Emamdoost <navid.emamdoost@...il.com>
Cc: "David S. Miller" <davem@...emloft.net>,
Johannes Berg <johannes.berg@...el.com>,
Taehee Yoo <ap420073@...il.com>,
Andreas Steinmetz <ast@...dv.de>,
Michal Kubecek <mkubecek@...e.cz>,
Florian Westphal <fw@...len.de>,
Thomas Gleixner <tglx@...utronix.de>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, emamd001@....edu
Subject: Re: [PATCH] macsec: Fix memory leaks in macsec_decrypt()
Navid Emamdoost <navid.emamdoost@...il.com> wrote:
> In the implementation of macsec_decrypt(), there are two memory leaks
> when crypto_aead_decrypt() fails. Release allocated req and skb before
> return.
>
> Fixes: c3b7d0bd7ac2 ("macsec: fix rx_sa refcounting with decrypt callback")
> Signed-off-by: Navid Emamdoost <navid.emamdoost@...il.com>
> ---
> drivers/net/macsec.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
> index afd8b2a08245..34c6fb4eb9ef 100644
> --- a/drivers/net/macsec.c
> +++ b/drivers/net/macsec.c
> @@ -986,6 +986,8 @@ static struct sk_buff *macsec_decrypt(struct sk_buff *skb,
> dev_hold(dev);
> ret = crypto_aead_decrypt(req);
> if (ret == -EINPROGRESS) {
> + aead_request_free(req);
> + kfree_skb(skb);
-EINPROGRESS means decryption is handled asynchronously, no?
> return ERR_PTR(ret);
> } else if (ret != 0) {
> /* decryption/authentication failed
This is the error handling/failure path.
Powered by blists - more mailing lists