From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751230AbdL3R6O (ORCPT ); Sat, 30 Dec 2017 12:58:14 -0500 Received: from mail-wm0-f68.google.com ([74.125.82.68]:45140 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751176AbdL3R6L (ORCPT ); Sat, 30 Dec 2017 12:58:11 -0500 X-Google-Smtp-Source: ACJfBovepYcH9fXyKfHKF9Zs30cCAmfO5S0wY3h/QOg1f4rQBr6bm6/pELYxwSXCoYM04goLRtarCg== From: Dan Aloni X-Google-Original-From: Dan Aloni To: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Cc: Dan Aloni , Herbert Xu Subject: [PATCH 1/5] crypto: fix memory leak in rsa-kcs1pad encryption Date: Sat, 30 Dec 2017 19:58:00 +0200 Message-Id: <20171230175804.7354-2-alonid@gmail.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20171230175804.7354-1-alonid@gmail.com> References: <20171230175804.7354-1-alonid@gmail.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dan Aloni The encryption mode of pkcs1pad never uses out_sg and out_buf, so there's no need to allocate the buffer, which presently is not even being freed. CC: Herbert Xu Signed-off-by: Dan Aloni --- crypto/rsa-pkcs1pad.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c index 2908f93c3e55..e8354084ef4e 100644 --- a/crypto/rsa-pkcs1pad.c +++ b/crypto/rsa-pkcs1pad.c @@ -261,15 +261,6 @@ static int pkcs1pad_encrypt(struct akcipher_request *req) pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf, ctx->key_size - 1 - req->src_len, req->src); - req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL); - if (!req_ctx->out_buf) { - kfree(req_ctx->in_buf); - return -ENOMEM; - } - - pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf, - ctx->key_size, NULL); - akcipher_request_set_tfm(&req_ctx->child_req, ctx->child); akcipher_request_set_callback(&req_ctx->child_req, req->base.flags, pkcs1pad_encrypt_sign_complete_cb, req); -- 2.13.6