From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: stable-review@kernel.org, torvalds@linux-foundation.org,
akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
Dan Carpenter <error27@gmail.com>,
Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Subject: [06/29] ecryptfs: use after free
Date: Fri, 22 Jan 2010 16:09:50 -0800 [thread overview]
Message-ID: <20100123001111.003565766@mini.kroah.org> (raw)
In-Reply-To: <20100123001145.GA7391@kroah.com>
2.6.32-stable review patch. If anyone has any objections, please let us know.
------------------
From: Dan Carpenter <error27@gmail.com>
commit ece550f51ba175c14ec3ec047815927d7386ea1f upstream.
The "full_alg_name" variable is used on a couple error paths, so we
shouldn't free it until the end.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
fs/ecryptfs/crypto.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1748,7 +1748,7 @@ ecryptfs_process_key_cipher(struct crypt
char *cipher_name, size_t *key_size)
{
char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
- char *full_alg_name;
+ char *full_alg_name = NULL;
int rc;
*key_tfm = NULL;
@@ -1763,7 +1763,6 @@ ecryptfs_process_key_cipher(struct crypt
if (rc)
goto out;
*key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
- kfree(full_alg_name);
if (IS_ERR(*key_tfm)) {
rc = PTR_ERR(*key_tfm);
printk(KERN_ERR "Unable to allocate crypto cipher with name "
@@ -1786,6 +1785,7 @@ ecryptfs_process_key_cipher(struct crypt
goto out;
}
out:
+ kfree(full_alg_name);
return rc;
}
next prev parent reply other threads:[~2010-01-23 0:29 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-23 0:11 [00/29] 2.6.32.6 stable review Greg KH
2010-01-23 0:09 ` [01/29] x86, msr/cpuid: Register enough minors for the MSR and CPUID drivers Greg KH
2010-01-23 0:09 ` [02/29] V4L/DVB (13900): gspca - sunplus: Fix bridge exchanges Greg KH
2010-01-23 0:09 ` [03/29] Staging: asus_oled: fix oops in 2.6.32.2 Greg KH
2010-01-23 0:09 ` [04/29] Staging: hv: fix smp problems in the hyperv core code Greg KH
2010-01-23 0:09 ` [05/29] tty: fix race in tty_fasync Greg KH
2010-01-23 0:09 ` Greg KH [this message]
2010-01-23 0:09 ` [07/29] ecryptfs: initialize private persistent file before dereferencing pointer Greg KH
2010-01-23 0:09 ` [08/29] nozomi: quick fix for the close/close bug Greg KH
2010-01-23 0:09 ` [09/29] serial: 8250_pnp: use wildcard for serial Wacom tablets Greg KH
2010-01-23 0:09 ` [10/29] usb: serial: fix memory leak in generic driver Greg KH
2010-01-23 0:09 ` [11/29] USB: fix bitmask merge error Greg KH
2010-01-23 0:09 ` [12/29] USB: Dont use GFP_KERNEL while we cannot reset a storage device Greg KH
2010-01-23 0:09 ` [13/29] USB: EHCI: fix handling of unusual interrupt intervals Greg KH
2010-01-23 0:09 ` [14/29] USB: EHCI & UHCI: fix race between root-hub suspend and port resume Greg KH
2010-01-23 0:09 ` [15/29] USB: add missing delay during remote wakeup Greg KH
2010-01-23 0:10 ` [16/29] USB: add speed values for USB 3.0 and wireless controllers Greg KH
2010-01-23 0:10 ` [17/29] ACPI: EC: Accelerate query execution Greg KH
2010-01-23 0:10 ` [18/29] ACPI: EC: Add wait for irq storm Greg KH
2010-01-23 0:10 ` [19/29] SCSI: enclosure: fix oops while iterating enclosure_status array Greg KH
2010-01-23 0:10 ` [20/29] drm/i915: Read the response after issuing DDC bus switch command Greg KH
2010-01-23 0:10 ` [21/29] drm/i915: try another possible DDC bus for the SDVO device with multiple outputs Greg KH
2010-01-23 0:10 ` [22/29] block: bdev_stack_limits wrapper Greg KH
2010-01-23 0:10 ` [23/29] DM: Fix device mapper topology stacking Greg KH
2010-01-23 0:10 ` [24/29] x86/PCI/PAT: return EINVAL for pci mmap WC request for !pat_enabled Greg KH
2010-01-23 0:10 ` [25/29] USB: fix usbstorage for 2770:915d delivers no FAT Greg KH
2010-01-23 2:43 ` [Stable-review] " Ben Hutchings
2010-01-23 6:05 ` Greg KH
2010-01-23 0:10 ` [26/29] vmalloc: remove BUG_ON due to racy counting of VM_LAZY_FREE Greg KH
2010-01-23 0:10 ` [27/29] perf timechart: Use tid not pid for COMM change Greg KH
2010-01-23 0:10 ` [28/29] perf events: Dont report side-band events on each cpu for per-task-per-cpu events Greg KH
2010-01-23 11:38 ` [Stable-review] " Stefan Bader
2010-01-23 15:33 ` Greg KH
2010-01-25 18:04 ` Greg KH
2010-01-23 0:10 ` [29/29] perf: Honour event state for aux stream data Greg KH
2010-01-24 7:21 ` [stable] [00/29] 2.6.32.6 stable review Andrew Morton
2010-01-24 16:29 ` Thomas Gleixner
2010-01-25 8:40 ` Ozan Çağlayan
2010-01-25 17:16 ` Greg KH
2010-01-25 17:39 ` Ozan Çağlayan
2010-01-25 17:46 ` Greg KH
2010-01-25 19:09 ` Greg KH
2010-01-25 18:22 ` Thomas Gleixner
2010-01-25 17:15 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100123001111.003565766@mini.kroah.org \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=error27@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable-review@kernel.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tyhicks@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox