* [PATCH] KEYS: fix KEYCTL_INSTANTIATE_IOV error case memory leak
@ 2012-11-02 12:34 Tommi Rantala
0 siblings, 0 replies; only message in thread
From: Tommi Rantala @ 2012-11-02 12:34 UTC (permalink / raw)
To: linux-kernel
Cc: Dave Jones, Tommi Rantala, David Howells, James Morris, keyrings,
linux-security-module
Avoid leaking memory in the keyctl() KEYCTL_INSTANTIATE_IOV operation, by also
checking in the error case if rw_copy_check_uvector() kmalloc'd memory for us.
Discovered with Trinity.
Signed-off-by: Tommi Rantala <tt.rantala@gmail.com>
---
security/keys/keyctl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 5d34b4e..a2c32a2 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1132,12 +1132,13 @@ long keyctl_instantiate_key_iov(key_serial_t id,
ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc,
ARRAY_SIZE(iovstack), iovstack, &iov);
if (ret < 0)
- return ret;
+ goto out;
if (ret == 0)
goto no_payload_free;
ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid);
+out:
if (iov != iovstack)
kfree(iov);
return ret;
--
1.7.9.5
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2012-11-02 12:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-11-02 12:34 [PATCH] KEYS: fix KEYCTL_INSTANTIATE_IOV error case memory leak Tommi Rantala
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox