* [PATCH] PKCS#7: fix a possible memory leak when calculating the digest
@ 2022-02-24 19:09 Denis Glazkov
2022-02-24 19:34 ` Eric Biggers
0 siblings, 1 reply; 2+ messages in thread
From: Denis Glazkov @ 2022-02-24 19:09 UTC (permalink / raw)
Cc: Denis Glazkov, David Howells, Herbert Xu, David S. Miller,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
In function `pkcs7_digest`, if there is an error allocating memory
for the `shash_desc` structure, the public key signature digest
remains unfreed.
Signed-off-by: Denis Glazkov <d.glazkov@omp.ru>
---
crypto/asymmetric_keys/pkcs7_verify.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 0b4d07aa8811..e6f648dcc02a 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -50,7 +50,7 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
ret = -ENOMEM;
sig->digest = kmalloc(sig->digest_size, GFP_KERNEL);
if (!sig->digest)
- goto error_no_desc;
+ goto error_no_digest;
desc = kzalloc(desc_size, GFP_KERNEL);
if (!desc)
@@ -117,6 +117,8 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
error:
kfree(desc);
error_no_desc:
+ kfree(sig->digest);
+error_no_digest:
crypto_free_shash(tfm);
kleave(" = %d", ret);
return ret;
--
2.25.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] PKCS#7: fix a possible memory leak when calculating the digest
2022-02-24 19:09 [PATCH] PKCS#7: fix a possible memory leak when calculating the digest Denis Glazkov
@ 2022-02-24 19:34 ` Eric Biggers
0 siblings, 0 replies; 2+ messages in thread
From: Eric Biggers @ 2022-02-24 19:34 UTC (permalink / raw)
To: Denis Glazkov
Cc: David Howells, Herbert Xu, David S. Miller,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
On Thu, Feb 24, 2022 at 07:09:12PM +0000, Denis Glazkov wrote:
> In function `pkcs7_digest`, if there is an error allocating memory
> for the `shash_desc` structure, the public key signature digest
> remains unfreed.
>
> Signed-off-by: Denis Glazkov <d.glazkov@omp.ru>
> ---
> crypto/asymmetric_keys/pkcs7_verify.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
> index 0b4d07aa8811..e6f648dcc02a 100644
> --- a/crypto/asymmetric_keys/pkcs7_verify.c
> +++ b/crypto/asymmetric_keys/pkcs7_verify.c
> @@ -50,7 +50,7 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
> ret = -ENOMEM;
> sig->digest = kmalloc(sig->digest_size, GFP_KERNEL);
> if (!sig->digest)
> - goto error_no_desc;
> + goto error_no_digest;
>
> desc = kzalloc(desc_size, GFP_KERNEL);
> if (!desc)
> @@ -117,6 +117,8 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
> error:
> kfree(desc);
> error_no_desc:
> + kfree(sig->digest);
> +error_no_digest:
> crypto_free_shash(tfm);
> kleave(" = %d", ret);
> return ret;
> --
> 2.25.1
Doesn't this introduce a double free? public_key_signature_free() frees this
too.
- Eric
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-02-24 19:34 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-02-24 19:09 [PATCH] PKCS#7: fix a possible memory leak when calculating the digest Denis Glazkov
2022-02-24 19:34 ` Eric Biggers
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox