* [PATCH] security: keys: trusted: prevent memory leak in error path
@ 2021-04-13 20:13 Muhammad Usama Anjum
0 siblings, 0 replies; only message in thread
From: Muhammad Usama Anjum @ 2021-04-13 20:13 UTC (permalink / raw)
To: James.Bottomley, James Bottomley, Jarkko Sakkinen, Mimi Zohar,
David Howells, James Morris, Serge E. Hallyn,
open list:KEYS-TRUSTED, open list:KEYS-TRUSTED,
open list:SECURITY SUBSYSTEM, open list
Cc: musamaanjum, kernel-janitors, dan.carpenter, colin.king
tpm2_key_decode sometimes allocates blob. This blob should be freed if
some error occurs later in the function. Free the blob before returning
from this function if it was allocated.
Addresses-Coverity: ("Prevent memory leak")
Fixes: 14676f1eb796 ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs")
Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
---
This is only build tested.
security/keys/trusted-keys/trusted_tpm2.c | 37 +++++++++++++++--------
1 file changed, 24 insertions(+), 13 deletions(-)
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index d225ad140960..4551384124e0 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -378,22 +378,30 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
}
/* new format carries keyhandle but old format doesn't */
- if (!options->keyhandle)
- return -EINVAL;
+ if (!options->keyhandle) {
+ rc = -EINVAL;
+ goto err;
+ }
/* must be big enough for at least the two be16 size counts */
- if (payload->blob_len < 4)
- return -EINVAL;
+ if (payload->blob_len < 4) {
+ rc = -EINVAL;
+ goto err;
+ }
private_len = get_unaligned_be16(blob);
/* must be big enough for following public_len */
- if (private_len + 2 + 2 > (payload->blob_len))
- return -E2BIG;
+ if (private_len + 2 + 2 > (payload->blob_len)) {
+ rc = -E2BIG;
+ goto err;
+ }
public_len = get_unaligned_be16(blob + 2 + private_len);
- if (private_len + 2 + public_len + 2 > payload->blob_len)
- return -E2BIG;
+ if (private_len + 2 + public_len + 2 > payload->blob_len) {
+ rc = -E2BIG;
+ goto err;
+ }
pub = blob + 2 + private_len + 2;
/* key attributes are always at offset 4 */
@@ -406,12 +414,14 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
payload->migratable = 1;
blob_len = private_len + public_len + 4;
- if (blob_len > payload->blob_len)
- return -E2BIG;
+ if (blob_len > payload->blob_len) {
+ rc = -E2BIG;
+ goto err;
+ }
rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_LOAD);
if (rc)
- return rc;
+ goto err;
tpm_buf_append_u32(&buf, options->keyhandle);
tpm2_buf_append_auth(&buf, TPM2_RS_PW,
@@ -433,12 +443,13 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
(__be32 *) &buf.data[TPM_HEADER_SIZE]);
out:
- if (blob != payload->blob)
- kfree(blob);
tpm_buf_destroy(&buf);
if (rc > 0)
rc = -EPERM;
+err:
+ if (blob != payload->blob)
+ kfree(blob);
return rc;
}
--
2.25.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-04-13 20:13 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-04-13 20:13 [PATCH] security: keys: trusted: prevent memory leak in error path Muhammad Usama Anjum
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.