From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: AH8x226s73cJtcnkmhVzWKtdbUOCqxIBVhHxoi1z7NRPiRf2D/DHg+Y+eRB5TIjkdqMkm8bLmE8y ARC-Seal: i=1; a=rsa-sha256; t=1517256533; cv=none; d=google.com; s=arc-20160816; b=1LtEyOpjeor3UzDp4cA+GaPAVNNJEZeFHPwsaA61C7KADIpu0tPCvNRUXxIhylByqB fnWvM28VgC4WAeflWWvHyqfVnJ8oig6yYmIwvyiiuxYsDjrN8aqEk2mIq0eQe8M0OHxn 3bBgMvyPrOpos8sz0DQCtR3Lhd8Qm8H5+Htrc138/LfmMHPEdh4DN3D3ajZo/9Jnp31r 69XTyAmc4bqQywOk0nWa7qX6FJCFBEusiVRsWzigdHIz5XoN1T1CHbFVJCjAooZZlW6m tTCctAN8dRBSwN8nWf7YP7j0zSjLherFHBDPMr95uO3A4EM4lXDSOUnrHoy16qgoIHYV HR9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:user-agent:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=jOnhVghKOfH3brMtiNtHmHg2qgRNi/JXvWKcNBL6bpU=; b=Z3Iw8S2TBQpyVGDulUJC48BBe9iAYjjuOCmxB2N3sXQPsrxkSlaPtR35gJoO9QIVg3 maximI0KGuxlVIjvGQtoYSB03Z24UmSt5IRaZkM0V6zm6wJ1WO6HUv6pmAoptbYQb9tl ISUknhGHPbJ2TZocHHq4/mdmiqwB3V7pmJwk/R3CqNhtB75pPnZogswOn2JmEocpYRaO RaGjm/6KGgSSmaTsR6WGf9W3kxUTreogJIYpRW8EOC+OKD/NL7b6n2It3+UIXzcvv0yp P0pwsNJrl6TfpV6lad2Z3r4+PlH+fFsrynmpgRbuZPk8IlYX2odk/1/0FO3J3S9fv2sT A7Pg== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sabrina Dubroca , "David S. Miller" Subject: [PATCH 4.14 55/71] tls: fix sw_ctx leak Date: Mon, 29 Jan 2018 13:57:23 +0100 Message-Id: <20180129123831.110576954@linuxfoundation.org> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180129123827.271171825@linuxfoundation.org> References: <20180129123827.271171825@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-LABELS: =?utf-8?b?IlxcU2VudCI=?= X-GMAIL-THRID: =?utf-8?q?1590958787192107513?= X-GMAIL-MSGID: =?utf-8?q?1590958787192107513?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Sabrina Dubroca [ Upstream commit cf6d43ef66f416282121f436ce1bee9a25199d52 ] During setsockopt(SOL_TCP, TLS_TX), if initialization of the software context fails in tls_set_sw_offload(), we leak sw_ctx. We also don't reassign ctx->priv_ctx to NULL, so we can't even do another attempt to set it up on the same socket, as it will fail with -EEXIST. Fixes: 3c4d7559159b ('tls: kernel TLS support') Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/tls/tls_sw.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -697,18 +697,17 @@ int tls_set_sw_offload(struct sock *sk, } default: rc = -EINVAL; - goto out; + goto free_priv; } ctx->prepend_size = TLS_HEADER_SIZE + nonce_size; ctx->tag_size = tag_size; ctx->overhead_size = ctx->prepend_size + ctx->tag_size; ctx->iv_size = iv_size; - ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, - GFP_KERNEL); + ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, GFP_KERNEL); if (!ctx->iv) { rc = -ENOMEM; - goto out; + goto free_priv; } memcpy(ctx->iv, gcm_128_info->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE); memcpy(ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size); @@ -756,7 +755,7 @@ int tls_set_sw_offload(struct sock *sk, rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tag_size); if (!rc) - goto out; + return 0; free_aead: crypto_free_aead(sw_ctx->aead_send); @@ -767,6 +766,9 @@ free_rec_seq: free_iv: kfree(ctx->iv); ctx->iv = NULL; +free_priv: + kfree(ctx->priv_ctx); + ctx->priv_ctx = NULL; out: return rc; }