* [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() @ 2011-01-13 20:07 Jesper Juhl 2011-01-14 13:28 ` David Safford 2011-01-14 13:31 ` [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() David Howells 0 siblings, 2 replies; 25+ messages in thread From: Jesper Juhl @ 2011-01-13 20:07 UTC (permalink / raw) To: David Howells Cc: David Safford, James Morris, keyrings, linux-security-module, linux-kernel In security/keys/trusted_defined.c::TSS_rawhmac() we may leak the storage allocated to 'sdesc' if data = va_arg(argp, unsigned char *); results in a NULL 'data' and we then leave the function by returning -EINVAL. We also neglect calling va_end(argp) in that case and furthermore we neglect va_end(argp) if ret = crypto_shash_update(&sdesc->shash, data, dlen); results in ret being negative and we then jump to the 'out' label. I believe this patch takes care of these issues. Please review and consider for inclusion. Signed-off-by: Jesper Juhl <jj@chaosbits.net> --- trusted_defined.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) compile tested only. diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index 975e9f2..0ec7ab8 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c @@ -101,16 +101,18 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, if (dlen == 0) break; data = va_arg(argp, unsigned char *); - if (data == NULL) - return -EINVAL; + if (data == NULL) { + ret = -EINVAL; + goto out; + } ret = crypto_shash_update(&sdesc->shash, data, dlen); if (ret < 0) goto out; } - va_end(argp); if (!ret) ret = crypto_shash_final(&sdesc->shash, digest); out: + va_end(argp); kfree(sdesc); return ret; } -- Jesper Juhl <jj@chaosbits.net> http://www.chaosbits.net/ Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html Plain text mails only, please. ^ permalink raw reply related [flat|nested] 25+ messages in thread
* Re: [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() 2011-01-13 20:07 [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() Jesper Juhl @ 2011-01-14 13:28 ` David Safford 2011-01-14 13:45 ` [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways " Tetsuo Handa 2011-01-14 13:31 ` [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() David Howells 1 sibling, 1 reply; 25+ messages in thread From: David Safford @ 2011-01-14 13:28 UTC (permalink / raw) To: Jesper Juhl Cc: David Howells, David Safford, James Morris, keyrings, linux-security-module, linux-kernel On Thu, 2011-01-13 at 21:07 +0100, Jesper Juhl wrote: > In security/keys/trusted_defined.c::TSS_rawhmac() we may leak the storage > allocated to 'sdesc' if > data = va_arg(argp, unsigned char *); > results in a NULL 'data' and we then leave the function by returning > -EINVAL. We also neglect calling va_end(argp) in that case and furthermore > we neglect va_end(argp) if > ret = crypto_shash_update(&sdesc->shash, data, dlen); > results in ret being negative and we then jump to the 'out' label. > > I believe this patch takes care of these issues. Please review and > consider for inclusion. > > Signed-off-by: Jesper Juhl <jj@chaosbits.net> thanks for catching this. Acked-by: David Safford <safford@watson.ibm.com> > --- > trusted_defined.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > compile tested only. > > diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c > index 975e9f2..0ec7ab8 100644 > --- a/security/keys/trusted_defined.c > +++ b/security/keys/trusted_defined.c > @@ -101,16 +101,18 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, > if (dlen == 0) > break; > data = va_arg(argp, unsigned char *); > - if (data == NULL) > - return -EINVAL; > + if (data == NULL) { > + ret = -EINVAL; > + goto out; > + } > ret = crypto_shash_update(&sdesc->shash, data, dlen); > if (ret < 0) > goto out; > } > - va_end(argp); > if (!ret) > ret = crypto_shash_final(&sdesc->shash, digest); > out: > + va_end(argp); > kfree(sdesc); > return ret; > } > > > ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways kfree() and remember to call va_end() 2011-01-14 13:28 ` David Safford @ 2011-01-14 13:45 ` Tetsuo Handa 2011-01-14 14:07 ` Tetsuo Handa 0 siblings, 1 reply; 25+ messages in thread From: Tetsuo Handa @ 2011-01-14 13:45 UTC (permalink / raw) To: safford Cc: dhowells, safford, jmorris, keyrings, linux-security-module, linux-kernel David Safford wrote: > On Thu, 2011-01-13 at 21:07 +0100, Jesper Juhl wrote: > > In security/keys/trusted_defined.c::TSS_rawhmac() we may leak the storage > > allocated to 'sdesc' if > > data = va_arg(argp, unsigned char *); > > results in a NULL 'data' and we then leave the function by returning > > -EINVAL. We also neglect calling va_end(argp) in that case and furthermore > > we neglect va_end(argp) if > > ret = crypto_shash_update(&sdesc->shash, data, dlen); > > results in ret being negative and we then jump to the 'out' label. > > > > I believe this patch takes care of these issues. Please review and > > consider for inclusion. > > > > Signed-off-by: Jesper Juhl <jj@chaosbits.net> > > thanks for catching this. > > Acked-by: David Safford <safford@watson.ibm.com> Please wait. That patch is incorrect. I'm making patch now. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways kfree() and remember to call va_end() 2011-01-14 13:45 ` [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways " Tetsuo Handa @ 2011-01-14 14:07 ` Tetsuo Handa 2011-01-15 0:58 ` Tetsuo Handa 2011-01-16 14:04 ` Jesper Juhl 0 siblings, 2 replies; 25+ messages in thread From: Tetsuo Handa @ 2011-01-14 14:07 UTC (permalink / raw) To: safford Cc: dhowells, safford, jmorris, keyrings, linux-security-module, linux-kernel Tetsuo Handa wrote: > Please wait. That patch is incorrect. I'm making patch now. I'm doing "git pull" now. Using 2.6.37-git11 instead. James Morris wrote: > It's queued in my for-linus branch, waiting to see what happens with > http://marc.info/?l=linux-security-module&m=129494927918805&w=3 I think above patch is incorrect because va_end() might be called without va_start(). C says va_start() without va_end() causes undefined behavior. I think va_end() without va_start() causes undefined behavior as well. [PATCH 1/3] Trusted and Encrypted Keys: fix memory leak. Use "break" rather than "return"/"goto" in order to make sure that va_end() is always called. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> --- security/keys/trusted_defined.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- linux-2.6.37-git11.orig/security/keys/trusted_defined.c +++ linux-2.6.37-git11/security/keys/trusted_defined.c @@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *di if (dlen == 0) break; data = va_arg(argp, unsigned char *); - if (data == NULL) - return -EINVAL; + if (data == NULL) { + ret = -EINVAL; + break; + } ret = crypto_shash_update(&sdesc->shash, data, dlen); if (ret < 0) - goto out; + break; } va_end(argp); if (!ret) By the way, TSS_authhmac() has similar code. data = va_arg(argp, unsigned char *); ret = crypto_shash_update(&sdesc->shash, data, dlen); I don't know why we check for NULL in TSS_rawhmac(), but I think we should check for NULL in TSS_authhmac() as well. [PATCH 2/3] Trusted and Encrypted Keys: check for NULL. Check for NULL in TSS_authhmac() as well as TSS_rawhmac(). Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> --- security/keys/trusted_defined.c | 5 +++++ 1 file changed, 5 insertions(+) --- linux-2.6.37-git11.orig/security/keys/trusted_defined.c +++ linux-2.6.37-git11/security/keys/trusted_defined.c @@ -148,6 +148,11 @@ static int TSS_authhmac(unsigned char *d if (dlen == 0) break; data = va_arg(argp, unsigned char *); + if (!data) { + ret = -EINVAL; + va_end(argp); + goto out; + } ret = crypto_shash_update(&sdesc->shash, data, dlen); if (ret < 0) { va_end(argp); Also, on the assumption that crypto_shash_init()/crypto_shash_update() return 0 on success and negative value otherwise, below cleanup is possible. [PATCH 3/3] Trusted and Encrypted Keys: avoid goto within va_start()/va_end() Avoid use of "goto" inside va_start(); for (;;) { } va_end(); in order to avoid scattering va_end() inside the loop. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> --- security/keys/trusted_defined.c | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) --- linux-2.6.37-git11.orig/security/keys/trusted_defined.c +++ linux-2.6.37-git11/security/keys/trusted_defined.c @@ -150,17 +150,15 @@ static int TSS_authhmac(unsigned char *d data = va_arg(argp, unsigned char *); if (!data) { ret = -EINVAL; - va_end(argp); - goto out; + break; } ret = crypto_shash_update(&sdesc->shash, data, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); - ret = crypto_shash_final(&sdesc->shash, paramdigest); + if (!ret) + ret = crypto_shash_final(&sdesc->shash, paramdigest); if (!ret) ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, h1, @@ -229,13 +227,12 @@ static int TSS_checkhmac1(unsigned char break; dpos = va_arg(argp, unsigned int); ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); - ret = crypto_shash_final(&sdesc->shash, paramdigest); + if (!ret) + ret = crypto_shash_final(&sdesc->shash, paramdigest); if (ret < 0) goto out; @@ -323,13 +320,12 @@ static int TSS_checkhmac2(unsigned char break; dpos = va_arg(argp, unsigned int); ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); - ret = crypto_shash_final(&sdesc->shash, paramdigest); + if (!ret) + ret = crypto_shash_final(&sdesc->shash, paramdigest); if (ret < 0) goto out; Not tested at all. Please review and test. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways kfree() and remember to call va_end() 2011-01-14 14:07 ` Tetsuo Handa @ 2011-01-15 0:58 ` Tetsuo Handa 2011-01-16 14:04 ` Jesper Juhl 1 sibling, 0 replies; 25+ messages in thread From: Tetsuo Handa @ 2011-01-15 0:58 UTC (permalink / raw) To: safford, dhowells, jj Cc: jmorris, keyrings, linux-security-module, linux-kernel Tetsuo Handa wrote: > Tetsuo Handa wrote: > > Please wait. That patch is incorrect. I'm making patch now. > I'm doing "git pull" now. Using 2.6.37-git11 instead. "git pull" completed. Refreshed using security-testing-2.6#for-linus and compile tested. Please review and test. From 161ec4ee18cc86b41277b9a92a8fb2e732b3662f Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Date: Sat, 15 Jan 2011 05:23:53 +0900 Subject: [PATCH 1/3] trusted-keys: another free memory bugfix TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and forgot to call va_end() when crypto_shash_update() < 0. Fix these bugs by escaping from the loop using "break" (rather than "return"/"goto") in order to make sure that va_end()/kfree() are always called. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> --- security/keys/trusted_defined.c | 8 +++++--- 1 files changed, 5 insertions(+), 3 deletions(-) diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index 932f868..7b21795 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c @@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, if (dlen == 0) break; data = va_arg(argp, unsigned char *); - if (data == NULL) - return -EINVAL; + if (data == NULL) { + ret = -EINVAL; + break; + } ret = crypto_shash_update(&sdesc->shash, data, dlen); if (ret < 0) - goto out; + break; } va_end(argp); if (!ret) -- 1.6.1 From 06bbcce524ceedb404519cade2c592d66c251595 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Date: Sat, 15 Jan 2011 05:40:51 +0900 Subject: [PATCH 2/3] trusted-keys: check for NULL before using it TSS_rawhmac() checks for data != NULL before using it. We should do the same thing for TSS_authhmac(). Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> --- security/keys/trusted_defined.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index 7b21795..f7d0677 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c @@ -148,6 +148,11 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, if (dlen == 0) break; data = va_arg(argp, unsigned char *); + if (!data) { + ret = -EINVAL; + va_end(argp); + goto out; + } ret = crypto_shash_update(&sdesc->shash, data, dlen); if (ret < 0) { va_end(argp); -- 1.6.1 From b4d611a1489da65366ad3e72a00093be76d39fc5 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Date: Sat, 15 Jan 2011 05:47:22 +0900 Subject: [PATCH 3/3] trusted-keys: avoid scattring va_end() We can avoid scattering va_end() within the va_start(); for (;;) { } va_end(); loop, assuming that crypto_shash_init()/crypto_shash_update() return 0 on success and negative value otherwise. Make TSS_authhmac()/TSS_checkhmac1()/TSS_checkhmac2() similar to TSS_rawhmac() by removing "va_end()/goto" from the loop. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> --- security/keys/trusted_defined.c | 30 +++++++++++++----------------- 1 files changed, 13 insertions(+), 17 deletions(-) diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index f7d0677..2836c6d 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c @@ -150,17 +150,15 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, data = va_arg(argp, unsigned char *); if (!data) { ret = -EINVAL; - va_end(argp); - goto out; + break; } ret = crypto_shash_update(&sdesc->shash, data, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); - ret = crypto_shash_final(&sdesc->shash, paramdigest); + if (!ret) + ret = crypto_shash_final(&sdesc->shash, paramdigest); if (!ret) ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, h1, @@ -229,13 +227,12 @@ static int TSS_checkhmac1(unsigned char *buffer, break; dpos = va_arg(argp, unsigned int); ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); - ret = crypto_shash_final(&sdesc->shash, paramdigest); + if (!ret) + ret = crypto_shash_final(&sdesc->shash, paramdigest); if (ret < 0) goto out; @@ -323,13 +320,12 @@ static int TSS_checkhmac2(unsigned char *buffer, break; dpos = va_arg(argp, unsigned int); ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); - ret = crypto_shash_final(&sdesc->shash, paramdigest); + if (!ret) + ret = crypto_shash_final(&sdesc->shash, paramdigest); if (ret < 0) goto out; -- 1.6.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* Re: [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways kfree() and remember to call va_end() 2011-01-14 14:07 ` Tetsuo Handa 2011-01-15 0:58 ` Tetsuo Handa @ 2011-01-16 14:04 ` Jesper Juhl 2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa 1 sibling, 1 reply; 25+ messages in thread From: Jesper Juhl @ 2011-01-16 14:04 UTC (permalink / raw) To: Tetsuo Handa Cc: safford, dhowells, safford, jmorris, keyrings, linux-security-module, linux-kernel On Fri, 14 Jan 2011, Tetsuo Handa wrote: > Tetsuo Handa wrote: > > Please wait. That patch is incorrect. I'm making patch now. > I'm doing "git pull" now. Using 2.6.37-git11 instead. > > James Morris wrote: > > It's queued in my for-linus branch, waiting to see what happens with > > http://marc.info/?l=linux-security-module&m=129494927918805&w=3 > > I think above patch is incorrect because va_end() might be called without > va_start(). C says va_start() without va_end() causes undefined behavior. > I think va_end() without va_start() causes undefined behavior as well. > I agree. Your patches are better. Thanks. -- Jesper Juhl <jj@chaosbits.net> http://www.chaosbits.net/ Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html Plain text mails only, please. ^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH 1/3] trusted-keys: another free memory bugfix 2011-01-16 14:04 ` Jesper Juhl @ 2011-01-17 0:39 ` Tetsuo Handa 2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa ` (4 more replies) 0 siblings, 5 replies; 25+ messages in thread From: Tetsuo Handa @ 2011-01-17 0:39 UTC (permalink / raw) To: safford, safford Cc: jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel Resending in separated mails in case somebody missed that there was 3 patches in one mail. ---------------------------------------- >From 94e965700f1e401408836d4aa782105483196842 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Date: Mon, 17 Jan 2011 09:22:47 +0900 Subject: [PATCH 1/3] trusted-keys: another free memory bugfix TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and forgot to call va_end() when crypto_shash_update() < 0. Fix these bugs by escaping from the loop using "break" (rather than "return"/"goto") in order to make sure that va_end()/kfree() are always called. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> --- security/keys/trusted_defined.c | 8 +++++--- 1 files changed, 5 insertions(+), 3 deletions(-) diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index 932f868..7b21795 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c @@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, if (dlen == 0) break; data = va_arg(argp, unsigned char *); - if (data == NULL) - return -EINVAL; + if (data == NULL) { + ret = -EINVAL; + break; + } ret = crypto_shash_update(&sdesc->shash, data, dlen); if (ret < 0) - goto out; + break; } va_end(argp); if (!ret) -- 1.7.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [PATCH 2/3] trusted-keys: check for NULL before using it 2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa @ 2011-01-17 0:41 ` Tetsuo Handa 2011-01-17 0:44 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() Tetsuo Handa ` (3 more replies) 2011-01-17 9:33 ` [PATCH 1/3] trusted-keys: another free memory bugfix David Howells ` (3 subsequent siblings) 4 siblings, 4 replies; 25+ messages in thread From: Tetsuo Handa @ 2011-01-17 0:41 UTC (permalink / raw) To: safford, safford Cc: jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel >From 8118c3d0d6f2b291d56e2f4475f2aa5156299cf3 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Date: Mon, 17 Jan 2011 09:25:34 +0900 Subject: [PATCH 2/3] trusted-keys: check for NULL before using it TSS_rawhmac() checks for data != NULL before using it. We should do the same thing for TSS_authhmac(). Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> --- security/keys/trusted_defined.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index 7b21795..f7d0677 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c @@ -148,6 +148,11 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, if (dlen == 0) break; data = va_arg(argp, unsigned char *); + if (!data) { + ret = -EINVAL; + va_end(argp); + goto out; + } ret = crypto_shash_update(&sdesc->shash, data, dlen); if (ret < 0) { va_end(argp); -- 1.7.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [PATCH 3/3] trusted-keys: avoid scattring va_end() 2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa @ 2011-01-17 0:44 ` Tetsuo Handa 2011-01-17 9:39 ` David Howells ` (2 more replies) 2011-01-17 9:34 ` [PATCH 2/3] trusted-keys: check for NULL before using it David Howells ` (2 subsequent siblings) 3 siblings, 3 replies; 25+ messages in thread From: Tetsuo Handa @ 2011-01-17 0:44 UTC (permalink / raw) To: safford, safford Cc: jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel >From 65b41710a476deae2e0899a4df40c02d199a4ee3 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Date: Mon, 17 Jan 2011 09:27:27 +0900 Subject: [PATCH 3/3] trusted-keys: avoid scattring va_end() We can avoid scattering va_end() within the va_start(); for (;;) { } va_end(); loop, assuming that crypto_shash_init()/crypto_shash_update() return 0 on success and negative value otherwise. Make TSS_authhmac()/TSS_checkhmac1()/TSS_checkhmac2() similar to TSS_rawhmac() by removing "va_end()/goto" from the loop. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> --- security/keys/trusted_defined.c | 30 +++++++++++++----------------- 1 files changed, 13 insertions(+), 17 deletions(-) diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index f7d0677..2836c6d 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c @@ -150,17 +150,15 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, data = va_arg(argp, unsigned char *); if (!data) { ret = -EINVAL; - va_end(argp); - goto out; + break; } ret = crypto_shash_update(&sdesc->shash, data, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); - ret = crypto_shash_final(&sdesc->shash, paramdigest); + if (!ret) + ret = crypto_shash_final(&sdesc->shash, paramdigest); if (!ret) ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, paramdigest, TPM_NONCE_SIZE, h1, @@ -229,13 +227,12 @@ static int TSS_checkhmac1(unsigned char *buffer, break; dpos = va_arg(argp, unsigned int); ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); - ret = crypto_shash_final(&sdesc->shash, paramdigest); + if (!ret) + ret = crypto_shash_final(&sdesc->shash, paramdigest); if (ret < 0) goto out; @@ -323,13 +320,12 @@ static int TSS_checkhmac2(unsigned char *buffer, break; dpos = va_arg(argp, unsigned int); ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); - ret = crypto_shash_final(&sdesc->shash, paramdigest); + if (!ret) + ret = crypto_shash_final(&sdesc->shash, paramdigest); if (ret < 0) goto out; -- 1.7.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: avoid scattring va_end() 2011-01-17 0:44 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() Tetsuo Handa @ 2011-01-17 9:39 ` David Howells 2011-01-17 18:36 ` Jesper Juhl 2011-01-17 21:06 ` Mimi Zohar 2 siblings, 0 replies; 25+ messages in thread From: David Howells @ 2011-01-17 9:39 UTC (permalink / raw) To: Tetsuo Handa Cc: dhowells, safford, safford, jj, jmorris, keyrings, linux-security-module, linux-kernel Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> wrote: > From 65b41710a476deae2e0899a4df40c02d199a4ee3 Mon Sep 17 00:00:00 2001 > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > Date: Mon, 17 Jan 2011 09:27:27 +0900 > Subject: [PATCH 3/3] trusted-keys: avoid scattring va_end() > > We can avoid scattering va_end() within the > > va_start(); > for (;;) { > > } > va_end(); > > loop, assuming that crypto_shash_init()/crypto_shash_update() return 0 on > success and negative value otherwise. > > Make TSS_authhmac()/TSS_checkhmac1()/TSS_checkhmac2() similar to TSS_rawhmac() > by removing "va_end()/goto" from the loop. > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: David Howells <dhowells@redhat.com> ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: avoid scattring va_end() 2011-01-17 0:44 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() Tetsuo Handa 2011-01-17 9:39 ` David Howells @ 2011-01-17 18:36 ` Jesper Juhl 2011-01-17 21:06 ` Mimi Zohar 2 siblings, 0 replies; 25+ messages in thread From: Jesper Juhl @ 2011-01-17 18:36 UTC (permalink / raw) To: Tetsuo Handa Cc: safford, safford, dhowells, jmorris, keyrings, linux-security-module, linux-kernel On Mon, 17 Jan 2011, Tetsuo Handa wrote: > >From 65b41710a476deae2e0899a4df40c02d199a4ee3 Mon Sep 17 00:00:00 2001 > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > Date: Mon, 17 Jan 2011 09:27:27 +0900 > Subject: [PATCH 3/3] trusted-keys: avoid scattring va_end() > > We can avoid scattering va_end() within the > > va_start(); > for (;;) { > > } > va_end(); > > loop, assuming that crypto_shash_init()/crypto_shash_update() return 0 on > success and negative value otherwise. > > Make TSS_authhmac()/TSS_checkhmac1()/TSS_checkhmac2() similar to TSS_rawhmac() > by removing "va_end()/goto" from the loop. > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > --- > security/keys/trusted_defined.c | 30 +++++++++++++----------------- > 1 files changed, 13 insertions(+), 17 deletions(-) > > diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c > index f7d0677..2836c6d 100644 > --- a/security/keys/trusted_defined.c > +++ b/security/keys/trusted_defined.c > @@ -150,17 +150,15 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, > data = va_arg(argp, unsigned char *); > if (!data) { > ret = -EINVAL; > - va_end(argp); > - goto out; > + break; > } > ret = crypto_shash_update(&sdesc->shash, data, dlen); > - if (ret < 0) { > - va_end(argp); > - goto out; > - } > + if (ret < 0) > + break; > } > va_end(argp); > - ret = crypto_shash_final(&sdesc->shash, paramdigest); > + if (!ret) > + ret = crypto_shash_final(&sdesc->shash, paramdigest); > if (!ret) > ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, > paramdigest, TPM_NONCE_SIZE, h1, > @@ -229,13 +227,12 @@ static int TSS_checkhmac1(unsigned char *buffer, > break; > dpos = va_arg(argp, unsigned int); > ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); > - if (ret < 0) { > - va_end(argp); > - goto out; > - } > + if (ret < 0) > + break; > } > va_end(argp); > - ret = crypto_shash_final(&sdesc->shash, paramdigest); > + if (!ret) > + ret = crypto_shash_final(&sdesc->shash, paramdigest); > if (ret < 0) > goto out; > > @@ -323,13 +320,12 @@ static int TSS_checkhmac2(unsigned char *buffer, > break; > dpos = va_arg(argp, unsigned int); > ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); > - if (ret < 0) { > - va_end(argp); > - goto out; > - } > + if (ret < 0) > + break; > } > va_end(argp); > - ret = crypto_shash_final(&sdesc->shash, paramdigest); > + if (!ret) > + ret = crypto_shash_final(&sdesc->shash, paramdigest); > if (ret < 0) > goto out; > > Looks good to me... Reviewed-by: Jesper Juhl <jj@chaosbits.net> -- Jesper Juhl <jj@chaosbits.net> http://www.chaosbits.net/ Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html Plain text mails only, please. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: avoid scattring va_end() 2011-01-17 0:44 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() Tetsuo Handa 2011-01-17 9:39 ` David Howells 2011-01-17 18:36 ` Jesper Juhl @ 2011-01-17 21:06 ` Mimi Zohar 2011-01-18 1:39 ` [PATCH 3/3] trusted-keys: small cleanup Tetsuo Handa 2 siblings, 1 reply; 25+ messages in thread From: Mimi Zohar @ 2011-01-17 21:06 UTC (permalink / raw) To: Tetsuo Handa Cc: safford, David Safford, jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel On Mon, 2011-01-17 at 09:44 +0900, Tetsuo Handa wrote: > From 65b41710a476deae2e0899a4df40c02d199a4ee3 Mon Sep 17 00:00:00 2001 > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > Date: Mon, 17 Jan 2011 09:27:27 +0900 > Subject: [PATCH 3/3] trusted-keys: avoid scattring va_end() > > We can avoid scattering va_end() within the > > va_start(); > for (;;) { > > } > va_end(); > > loop, assuming that crypto_shash_init()/crypto_shash_update() return 0 on > success and negative value otherwise. > > Make TSS_authhmac()/TSS_checkhmac1()/TSS_checkhmac2() similar to TSS_rawhmac() > by removing "va_end()/goto" from the loop. > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> The patch looks good. Would you mind making the one change below? Acked-by: Mimi Zohar <zohar@us.ibm.com> > --- > security/keys/trusted_defined.c | 30 +++++++++++++----------------- > 1 files changed, 13 insertions(+), 17 deletions(-) > > diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c > index f7d0677..2836c6d 100644 > --- a/security/keys/trusted_defined.c > +++ b/security/keys/trusted_defined.c > @@ -150,17 +150,15 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, > data = va_arg(argp, unsigned char *); > if (!data) { > ret = -EINVAL; > - va_end(argp); > - goto out; > + break; > } > ret = crypto_shash_update(&sdesc->shash, data, dlen); > - if (ret < 0) { > - va_end(argp); > - goto out; > - } > + if (ret < 0) > + break; > } > va_end(argp); > - ret = crypto_shash_final(&sdesc->shash, paramdigest); > + if (!ret) > + ret = crypto_shash_final(&sdesc->shash, paramdigest); > if (!ret) Change the existing '(!ret)' to '(ret < 0)', like the rest of the code? It's not wrong, but .... > ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, > paramdigest, TPM_NONCE_SIZE, h1, > @@ -229,13 +227,12 @@ static int TSS_checkhmac1(unsigned char *buffer, > break; > dpos = va_arg(argp, unsigned int); > ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); > - if (ret < 0) { > - va_end(argp); > - goto out; > - } > + if (ret < 0) > + break; > } > va_end(argp); > - ret = crypto_shash_final(&sdesc->shash, paramdigest); > + if (!ret) > + ret = crypto_shash_final(&sdesc->shash, paramdigest); > if (ret < 0) > goto out; > > @@ -323,13 +320,12 @@ static int TSS_checkhmac2(unsigned char *buffer, > break; > dpos = va_arg(argp, unsigned int); > ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); > - if (ret < 0) { > - va_end(argp); > - goto out; > - } > + if (ret < 0) > + break; > } > va_end(argp); > - ret = crypto_shash_final(&sdesc->shash, paramdigest); > + if (!ret) > + ret = crypto_shash_final(&sdesc->shash, paramdigest); > if (ret < 0) > goto out; > ^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH 3/3] trusted-keys: small cleanup 2011-01-17 21:06 ` Mimi Zohar @ 2011-01-18 1:39 ` Tetsuo Handa 2011-01-18 9:26 ` Mimi Zohar 0 siblings, 1 reply; 25+ messages in thread From: Tetsuo Handa @ 2011-01-18 1:39 UTC (permalink / raw) To: zohar Cc: safford, safford, jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel Mimi Zohar wrote: > Change the existing '(!ret)' to '(ret < 0)', like the rest of the code? > It's not wrong, but .... Something like this? ---------------------------------------- >From 9793efa6fbef62d9e85a06c329761c081ff804c5 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Date: Tue, 18 Jan 2011 10:14:32 +0900 Subject: [PATCH 3/3] trusted-keys: small cleanup We can avoid scattering va_end() by changing from initialize(); va_start(); for (;;) { if (error condition) { va_end(); goto out; } } va_end(); if (error condition) goto out; finalize(); out: to initialize(); va_start(); for (;;) { if (error condition) break; } va_end(); if (error condition) goto out; finalize(); out: . Also, use if (ret < 0) goto out; rather than if (!ret) ret = do_something(); to clarify error condition. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> --- security/keys/trusted_defined.c | 43 ++++++++++++++++++++------------------- 1 files changed, 22 insertions(+), 21 deletions(-) diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index f7d0677..bc04de1 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c @@ -101,7 +101,7 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, if (dlen == 0) break; data = va_arg(argp, unsigned char *); - if (data == NULL) { + if (!data) { ret = -EINVAL; break; } @@ -110,8 +110,9 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, break; } va_end(argp); - if (!ret) - ret = crypto_shash_final(&sdesc->shash, digest); + if (ret < 0) + goto out; + ret = crypto_shash_final(&sdesc->shash, digest); out: kfree(sdesc); return ret; @@ -150,21 +151,21 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, data = va_arg(argp, unsigned char *); if (!data) { ret = -EINVAL; - va_end(argp); - goto out; + break; } ret = crypto_shash_update(&sdesc->shash, data, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); + if (ret < 0) + goto out; ret = crypto_shash_final(&sdesc->shash, paramdigest); - if (!ret) - ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, - paramdigest, TPM_NONCE_SIZE, h1, - TPM_NONCE_SIZE, h2, 1, &c, 0, 0); + if (ret < 0) + goto out; + ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, + paramdigest, TPM_NONCE_SIZE, h1, + TPM_NONCE_SIZE, h2, 1, &c, 0, 0); out: kfree(sdesc); return ret; @@ -229,12 +230,12 @@ static int TSS_checkhmac1(unsigned char *buffer, break; dpos = va_arg(argp, unsigned int); ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); + if (ret < 0) + goto out; ret = crypto_shash_final(&sdesc->shash, paramdigest); if (ret < 0) goto out; @@ -323,12 +324,12 @@ static int TSS_checkhmac2(unsigned char *buffer, break; dpos = va_arg(argp, unsigned int); ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); - if (ret < 0) { - va_end(argp); - goto out; - } + if (ret < 0) + break; } va_end(argp); + if (ret < 0) + goto out; ret = crypto_shash_final(&sdesc->shash, paramdigest); if (ret < 0) goto out; -- 1.7.1 ^ permalink raw reply related [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: small cleanup 2011-01-18 1:39 ` [PATCH 3/3] trusted-keys: small cleanup Tetsuo Handa @ 2011-01-18 9:26 ` Mimi Zohar 2011-01-18 11:03 ` Tetsuo Handa 0 siblings, 1 reply; 25+ messages in thread From: Mimi Zohar @ 2011-01-18 9:26 UTC (permalink / raw) To: Tetsuo Handa Cc: safford, safford, jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel On Tue, 2011-01-18 at 10:39 +0900, Tetsuo Handa wrote: > Mimi Zohar wrote: > > Change the existing '(!ret)' to '(ret < 0)', like the rest of the code? > > It's not wrong, but .... > > Something like this? Actually, I was only asking for a one line change in the patch. > > va_end(argp); > > - ret = crypto_shash_final(&sdesc->shash, paramdigest); > > + if (!ret) > > + ret = crypto_shash_final(&sdesc->shash, paramdigest); > > if (!ret) Change the second '(!ret)' here, the crypto_shash_file() return code test, from '(!ret)' to '(ret < 0)', like the other crypto_shash_file() tests. Thanks! Mimi ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: small cleanup 2011-01-18 9:26 ` Mimi Zohar @ 2011-01-18 11:03 ` Tetsuo Handa 2011-01-18 11:28 ` Mimi Zohar 0 siblings, 1 reply; 25+ messages in thread From: Tetsuo Handa @ 2011-01-18 11:03 UTC (permalink / raw) To: zohar Cc: safford, safford, jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel Mimi Zohar wrote: > > > va_end(argp); > > > - ret = crypto_shash_final(&sdesc->shash, paramdigest); > > > + if (!ret) > > > + ret = crypto_shash_final(&sdesc->shash, paramdigest); > > > if (!ret) > > Change the second '(!ret)' here, the crypto_shash_file() return code > test, from '(!ret)' to '(ret < 0)', like the other crypto_shash_file() > tests. Did you mean changing from if (!ret) ret = crypto_shash_final(&sdesc->shash, paramdigest); to if (ret < 0) ret = crypto_shash_final(&sdesc->shash, paramdigest); (i.e. invert the condition)? I'm confused. Would you make the patch by yourself? ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: small cleanup 2011-01-18 11:03 ` Tetsuo Handa @ 2011-01-18 11:28 ` Mimi Zohar 2011-01-18 11:42 ` Mimi Zohar 0 siblings, 1 reply; 25+ messages in thread From: Mimi Zohar @ 2011-01-18 11:28 UTC (permalink / raw) To: Tetsuo Handa Cc: safford, safford, jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel On Tue, 2011-01-18 at 20:03 +0900, Tetsuo Handa wrote: > Mimi Zohar wrote: > > > > va_end(argp); > > > > - ret = crypto_shash_final(&sdesc->shash, paramdigest); > > > > + if (!ret) > > > > + ret = crypto_shash_final(&sdesc->shash, paramdigest); > > > > if (!ret) > > > > Change the second '(!ret)' here, the crypto_shash_file() return code > > test, from '(!ret)' to '(ret < 0)', like the other crypto_shash_file() > > tests. > > Did you mean changing from > > if (!ret) > ret = crypto_shash_final(&sdesc->shash, paramdigest); > > to > > if (ret < 0) > ret = crypto_shash_final(&sdesc->shash, paramdigest); > > (i.e. invert the condition)? Wrong '(!ret)'. Instead of: va_end(argp); if (!ret) ret = crypto_shash_final(&sdesc->shash, paramdigest); if (!ret) do: va_end(argp); if (!ret) ret = crypto_shash_final(&sdesc->shash, paramdigest); if (ret < 0) > I'm confused. Would you make the patch by yourself? It's only for consistency, not that important. thanks, Mimi ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: small cleanup 2011-01-18 11:28 ` Mimi Zohar @ 2011-01-18 11:42 ` Mimi Zohar 0 siblings, 0 replies; 25+ messages in thread From: Mimi Zohar @ 2011-01-18 11:42 UTC (permalink / raw) To: Tetsuo Handa Cc: safford, David Safford, jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel On Tue, 2011-01-18 at 06:28 -0500, Mimi Zohar wrote: > On Tue, 2011-01-18 at 20:03 +0900, Tetsuo Handa wrote: > > Mimi Zohar wrote: > > > > > va_end(argp); > > > > > - ret = crypto_shash_final(&sdesc->shash, paramdigest); > > > > > + if (!ret) > > > > > + ret = crypto_shash_final(&sdesc->shash, paramdigest); > > > > > if (!ret) > > > > > > Change the second '(!ret)' here, the crypto_shash_file() return code > > > test, from '(!ret)' to '(ret < 0)', like the other crypto_shash_file() > > > tests. > > > > Did you mean changing from > > > > if (!ret) > > ret = crypto_shash_final(&sdesc->shash, paramdigest); > > > > to > > > > if (ret < 0) > > ret = crypto_shash_final(&sdesc->shash, paramdigest); > > > > (i.e. invert the condition)? > > Wrong '(!ret)'. Instead of: > va_end(argp); > if (!ret) > ret = crypto_shash_final(&sdesc->shash, paramdigest); > if (!ret) > > do: > va_end(argp); > if (!ret) > ret = crypto_shash_final(&sdesc->shash, paramdigest); > if (ret < 0) > > > I'm confused. Would you make the patch by yourself? > > It's only for consistency, not that important. > > thanks, > > Mimi James, the original patch is fine as is. thanks, Mimi ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 2/3] trusted-keys: check for NULL before using it 2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa 2011-01-17 0:44 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() Tetsuo Handa @ 2011-01-17 9:34 ` David Howells 2011-01-17 18:35 ` Jesper Juhl 2011-01-17 21:02 ` Mimi Zohar 3 siblings, 0 replies; 25+ messages in thread From: David Howells @ 2011-01-17 9:34 UTC (permalink / raw) To: Tetsuo Handa Cc: dhowells, safford, safford, jj, jmorris, keyrings, linux-security-module, linux-kernel Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> wrote: > From 8118c3d0d6f2b291d56e2f4475f2aa5156299cf3 Mon Sep 17 00:00:00 2001 > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > Date: Mon, 17 Jan 2011 09:25:34 +0900 > Subject: [PATCH 2/3] trusted-keys: check for NULL before using it > > TSS_rawhmac() checks for data != NULL before using it. > We should do the same thing for TSS_authhmac(). > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: David Howells <dhowells@redhat.com> ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 2/3] trusted-keys: check for NULL before using it 2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa 2011-01-17 0:44 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() Tetsuo Handa 2011-01-17 9:34 ` [PATCH 2/3] trusted-keys: check for NULL before using it David Howells @ 2011-01-17 18:35 ` Jesper Juhl 2011-01-17 21:02 ` Mimi Zohar 3 siblings, 0 replies; 25+ messages in thread From: Jesper Juhl @ 2011-01-17 18:35 UTC (permalink / raw) To: Tetsuo Handa Cc: safford, safford, dhowells, jmorris, keyrings, linux-security-module, linux-kernel On Mon, 17 Jan 2011, Tetsuo Handa wrote: > >From 8118c3d0d6f2b291d56e2f4475f2aa5156299cf3 Mon Sep 17 00:00:00 2001 > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > Date: Mon, 17 Jan 2011 09:25:34 +0900 > Subject: [PATCH 2/3] trusted-keys: check for NULL before using it > > TSS_rawhmac() checks for data != NULL before using it. > We should do the same thing for TSS_authhmac(). > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > --- > security/keys/trusted_defined.c | 5 +++++ > 1 files changed, 5 insertions(+), 0 deletions(-) > > diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c > index 7b21795..f7d0677 100644 > --- a/security/keys/trusted_defined.c > +++ b/security/keys/trusted_defined.c > @@ -148,6 +148,11 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, > if (dlen == 0) > break; > data = va_arg(argp, unsigned char *); > + if (!data) { > + ret = -EINVAL; > + va_end(argp); > + goto out; > + } > ret = crypto_shash_update(&sdesc->shash, data, dlen); > if (ret < 0) { > va_end(argp); > Looks good to me.. Reviewed-by: Jesper Juhl <jj@chaosbits.net> -- Jesper Juhl <jj@chaosbits.net> http://www.chaosbits.net/ Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html Plain text mails only, please. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 2/3] trusted-keys: check for NULL before using it 2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa ` (2 preceding siblings ...) 2011-01-17 18:35 ` Jesper Juhl @ 2011-01-17 21:02 ` Mimi Zohar 3 siblings, 0 replies; 25+ messages in thread From: Mimi Zohar @ 2011-01-17 21:02 UTC (permalink / raw) To: Tetsuo Handa Cc: safford, David Safford, jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel On Mon, 2011-01-17 at 09:41 +0900, Tetsuo Handa wrote: > From 8118c3d0d6f2b291d56e2f4475f2aa5156299cf3 Mon Sep 17 00:00:00 2001 > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > Date: Mon, 17 Jan 2011 09:25:34 +0900 > Subject: [PATCH 2/3] trusted-keys: check for NULL before using it > > TSS_rawhmac() checks for data != NULL before using it. > We should do the same thing for TSS_authhmac(). > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Mimi Zohar <zohar@us.ibm.com> > --- > security/keys/trusted_defined.c | 5 +++++ > 1 files changed, 5 insertions(+), 0 deletions(-) > > diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c > index 7b21795..f7d0677 100644 > --- a/security/keys/trusted_defined.c > +++ b/security/keys/trusted_defined.c > @@ -148,6 +148,11 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, > if (dlen == 0) > break; > data = va_arg(argp, unsigned char *); > + if (!data) { > + ret = -EINVAL; > + va_end(argp); > + goto out; > + } > ret = crypto_shash_update(&sdesc->shash, data, dlen); > if (ret < 0) { > va_end(argp); ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 1/3] trusted-keys: another free memory bugfix 2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa 2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa @ 2011-01-17 9:33 ` David Howells 2011-01-17 18:34 ` Jesper Juhl ` (2 subsequent siblings) 4 siblings, 0 replies; 25+ messages in thread From: David Howells @ 2011-01-17 9:33 UTC (permalink / raw) To: Tetsuo Handa Cc: dhowells, safford, safford, jj, jmorris, keyrings, linux-security-module, linux-kernel Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> wrote: > From 94e965700f1e401408836d4aa782105483196842 Mon Sep 17 00:00:00 2001 > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > Date: Mon, 17 Jan 2011 09:22:47 +0900 > Subject: [PATCH 1/3] trusted-keys: another free memory bugfix > > TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and > forgot to call va_end() when crypto_shash_update() < 0. > Fix these bugs by escaping from the loop using "break" > (rather than "return"/"goto") in order to make sure that > va_end()/kfree() are always called. > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: David Howells <dhowells@redhat.com> ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 1/3] trusted-keys: another free memory bugfix 2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa 2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa 2011-01-17 9:33 ` [PATCH 1/3] trusted-keys: another free memory bugfix David Howells @ 2011-01-17 18:34 ` Jesper Juhl 2011-01-17 21:01 ` Mimi Zohar 2011-01-18 22:55 ` James Morris 4 siblings, 0 replies; 25+ messages in thread From: Jesper Juhl @ 2011-01-17 18:34 UTC (permalink / raw) To: Tetsuo Handa Cc: safford, safford, dhowells, jmorris, keyrings, linux-security-module, linux-kernel On Mon, 17 Jan 2011, Tetsuo Handa wrote: > Resending in separated mails in case somebody missed that > there was 3 patches in one mail. > ---------------------------------------- > >From 94e965700f1e401408836d4aa782105483196842 Mon Sep 17 00:00:00 2001 > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > Date: Mon, 17 Jan 2011 09:22:47 +0900 > Subject: [PATCH 1/3] trusted-keys: another free memory bugfix > > TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and > forgot to call va_end() when crypto_shash_update() < 0. > Fix these bugs by escaping from the loop using "break" > (rather than "return"/"goto") in order to make sure that > va_end()/kfree() are always called. > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > --- > security/keys/trusted_defined.c | 8 +++++--- > 1 files changed, 5 insertions(+), 3 deletions(-) > > diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c > index 932f868..7b21795 100644 > --- a/security/keys/trusted_defined.c > +++ b/security/keys/trusted_defined.c > @@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, > if (dlen == 0) > break; > data = va_arg(argp, unsigned char *); > - if (data == NULL) > - return -EINVAL; > + if (data == NULL) { > + ret = -EINVAL; > + break; > + } > ret = crypto_shash_update(&sdesc->shash, data, dlen); > if (ret < 0) > - goto out; > + break; > } > va_end(argp); > if (!ret) > Looks good to me. Reviewed-by: Jesper Juhl <jj@chaosbits.net> -- Jesper Juhl <jj@chaosbits.net> http://www.chaosbits.net/ Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html Plain text mails only, please. ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 1/3] trusted-keys: another free memory bugfix 2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa ` (2 preceding siblings ...) 2011-01-17 18:34 ` Jesper Juhl @ 2011-01-17 21:01 ` Mimi Zohar 2011-01-18 22:55 ` James Morris 4 siblings, 0 replies; 25+ messages in thread From: Mimi Zohar @ 2011-01-17 21:01 UTC (permalink / raw) To: Tetsuo Handa Cc: safford, David Safford, jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel On Mon, 2011-01-17 at 09:39 +0900, Tetsuo Handa wrote: > Resending in separated mails in case somebody missed that > there was 3 patches in one mail. > ---------------------------------------- > From 94e965700f1e401408836d4aa782105483196842 Mon Sep 17 00:00:00 2001 > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > Date: Mon, 17 Jan 2011 09:22:47 +0900 > Subject: [PATCH 1/3] trusted-keys: another free memory bugfix > > TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and > forgot to call va_end() when crypto_shash_update() < 0. > Fix these bugs by escaping from the loop using "break" > (rather than "return"/"goto") in order to make sure that > va_end()/kfree() are always called. > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Mimi Zohar <zohar@us.ibm.com> > --- > security/keys/trusted_defined.c | 8 +++++--- > 1 files changed, 5 insertions(+), 3 deletions(-) > > diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c > index 932f868..7b21795 100644 > --- a/security/keys/trusted_defined.c > +++ b/security/keys/trusted_defined.c > @@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, > if (dlen == 0) > break; > data = va_arg(argp, unsigned char *); > - if (data == NULL) > - return -EINVAL; > + if (data == NULL) { > + ret = -EINVAL; > + break; > + } > ret = crypto_shash_update(&sdesc->shash, data, dlen); > if (ret < 0) > - goto out; > + break; > } > va_end(argp); > if (!ret) ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 1/3] trusted-keys: another free memory bugfix 2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa ` (3 preceding siblings ...) 2011-01-17 21:01 ` Mimi Zohar @ 2011-01-18 22:55 ` James Morris 4 siblings, 0 replies; 25+ messages in thread From: James Morris @ 2011-01-18 22:55 UTC (permalink / raw) To: Tetsuo Handa Cc: safford, safford, jj, dhowells, keyrings, linux-security-module, linux-kernel On Mon, 17 Jan 2011, Tetsuo Handa wrote: > Resending in separated mails in case somebody missed that > there was 3 patches in one mail. All applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#for-linus -- James Morris <jmorris@namei.org> ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() 2011-01-13 20:07 [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() Jesper Juhl 2011-01-14 13:28 ` David Safford @ 2011-01-14 13:31 ` David Howells 1 sibling, 0 replies; 25+ messages in thread From: David Howells @ 2011-01-14 13:31 UTC (permalink / raw) To: Jesper Juhl, Mimi Zohar Cc: dhowells, David Safford, James Morris, keyrings, linux-security-module, linux-kernel Jesper Juhl <jj@chaosbits.net> wrote: > In security/keys/trusted_defined.c::TSS_rawhmac() we may leak the storage > allocated to 'sdesc' if > data = va_arg(argp, unsigned char *); > results in a NULL 'data' and we then leave the function by returning > -EINVAL. We also neglect calling va_end(argp) in that case and furthermore > we neglect va_end(argp) if > ret = crypto_shash_update(&sdesc->shash, data, dlen); > results in ret being negative and we then jump to the 'out' label. > > I believe this patch takes care of these issues. Please review and > consider for inclusion. > > Signed-off-by: Jesper Juhl <jj@chaosbits.net> Acked-by: David Howells <dhowells@redhat.com> ^ permalink raw reply [flat|nested] 25+ messages in thread
end of thread, other threads:[~2011-01-18 22:55 UTC | newest] Thread overview: 25+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2011-01-13 20:07 [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() Jesper Juhl 2011-01-14 13:28 ` David Safford 2011-01-14 13:45 ` [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways " Tetsuo Handa 2011-01-14 14:07 ` Tetsuo Handa 2011-01-15 0:58 ` Tetsuo Handa 2011-01-16 14:04 ` Jesper Juhl 2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa 2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa 2011-01-17 0:44 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() Tetsuo Handa 2011-01-17 9:39 ` David Howells 2011-01-17 18:36 ` Jesper Juhl 2011-01-17 21:06 ` Mimi Zohar 2011-01-18 1:39 ` [PATCH 3/3] trusted-keys: small cleanup Tetsuo Handa 2011-01-18 9:26 ` Mimi Zohar 2011-01-18 11:03 ` Tetsuo Handa 2011-01-18 11:28 ` Mimi Zohar 2011-01-18 11:42 ` Mimi Zohar 2011-01-17 9:34 ` [PATCH 2/3] trusted-keys: check for NULL before using it David Howells 2011-01-17 18:35 ` Jesper Juhl 2011-01-17 21:02 ` Mimi Zohar 2011-01-17 9:33 ` [PATCH 1/3] trusted-keys: another free memory bugfix David Howells 2011-01-17 18:34 ` Jesper Juhl 2011-01-17 21:01 ` Mimi Zohar 2011-01-18 22:55 ` James Morris 2011-01-14 13:31 ` [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() David Howells
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox