From: Haotian Zhang <vulab@iscas.ac.cn>
To: nhorman@tuxdriver.com, herbert@gondor.apana.org.au, davem@davemloft.net
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Haotian Zhang <vulab@iscas.ac.cn>
Subject: [PATCH] crypto: ansi_cprng: fix cipher leak in cprng_init error path
Date: Thu, 6 Nov 2025 16:48:50 +0800 [thread overview]
Message-ID: <20251106084851.639-1-vulab@iscas.ac.cn> (raw)
In the commit referenced by the Fixes tag, crypto_alloc_cipher()
was moved from reset_prng_context() to cprng_init(). However,
this approach does not account for the error path: when
reset_prng_context() fails, crypto_free_cipher() is never called,
resulting in a resource leak.
Free the allocated cipher before returning on reset_prng_context()
failure.
Fixes: fd09d7facb7c ("crypto: ansi_prng - alloc cipher just in init")
Signed-off-by: Haotian Zhang <vulab@iscas.ac.cn>
---
crypto/ansi_cprng.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
index 153523ce6076..6cf505bcf794 100644
--- a/crypto/ansi_cprng.c
+++ b/crypto/ansi_cprng.c
@@ -329,8 +329,10 @@ static int cprng_init(struct crypto_tfm *tfm)
return PTR_ERR(ctx->tfm);
}
- if (reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL) < 0)
+ if (reset_prng_context(ctx, NULL, DEFAULT_PRNG_KSZ, NULL, NULL) < 0) {
+ crypto_free_cipher(ctx->tfm);
return -EINVAL;
+ }
/*
* after allocation, we should always force the user to reset
--
2.50.1.windows.1
next reply other threads:[~2025-11-06 8:49 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-06 8:48 Haotian Zhang [this message]
2025-11-06 9:25 ` [PATCH] crypto: ansi_cprng: fix cipher leak in cprng_init error path Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251106084851.639-1-vulab@iscas.ac.cn \
--to=vulab@iscas.ac.cn \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).