From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56748) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1c4Q1p-0004HT-0c for qemu-devel@nongnu.org; Wed, 09 Nov 2016 05:22:50 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1c4Q1l-0002o1-6S for qemu-devel@nongnu.org; Wed, 09 Nov 2016 05:22:48 -0500 Received: from mx1.redhat.com ([209.132.183.28]:51416) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1c4Q1l-0002nM-0u for qemu-devel@nongnu.org; Wed, 09 Nov 2016 05:22:45 -0500 Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C2A173D979 for ; Wed, 9 Nov 2016 10:22:43 +0000 (UTC) Date: Wed, 9 Nov 2016 10:22:39 +0000 From: "Daniel P. Berrange" Message-ID: <20161109102239.GB22181@redhat.com> Reply-To: "Daniel P. Berrange" References: <20161109101815.9057-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20161109101815.9057-1-marcandre.lureau@redhat.com> Content-Transfer-Encoding: quoted-printable Subject: Re: [Qemu-devel] [PATCH] cipher: fix leak on initialization error List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: =?utf-8?Q?Marc-Andr=C3=A9?= Lureau Cc: qemu-devel@nongnu.org On Wed, Nov 09, 2016 at 02:18:15PM +0400, Marc-Andr=C3=A9 Lureau wrote: > If ctx->blocksize !=3D XTS_BLOCK_SIZE, ctx will be leaked. > Assign ctx earler, and call qcrypto_cipher_free() on error. >=20 > Spotted thanks to ASAN. >=20 > Signed-off-by: Marc-Andr=C3=A9 Lureau > --- > crypto/cipher-nettle.c | 15 ++++++++------- > 1 file changed, 8 insertions(+), 7 deletions(-) >=20 > diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c > index cd094cd..593962c 100644 > --- a/crypto/cipher-nettle.c > +++ b/crypto/cipher-nettle.c > @@ -376,6 +376,7 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgo= rithm alg, > goto error; > } 'ctx' is non-NULL at this point and there's a 'goto error' just above here.... > =20 > + cipher->opaque =3D ctx; > if (mode =3D=3D QCRYPTO_CIPHER_MODE_XTS && > ctx->blocksize !=3D XTS_BLOCK_SIZE) { > error_setg(errp, "Cipher block size %zu must equal XTS block s= ize %d", > @@ -384,13 +385,11 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAl= gorithm alg, > } > =20 > ctx->iv =3D g_new0(uint8_t, ctx->blocksize); > - cipher->opaque =3D ctx; > =20 > return cipher; > =20 > error: > - g_free(cipher); > - g_free(ctx); > + qcrypto_cipher_free(cipher); > return NULL; > } ...so you're leaking 'ctx' now, since it hasn't been assigned to cipher->ctx. You need to move 'cipher->opque =3D ctx' to the place where we initially allocate 'ctx', before any gotos at which point.... > =20 > @@ -404,10 +403,12 @@ void qcrypto_cipher_free(QCryptoCipher *cipher) > } > =20 > ctx =3D cipher->opaque; > - g_free(ctx->iv); > - g_free(ctx->ctx); > - g_free(ctx->ctx_tweak); > - g_free(ctx); > + if (ctx) { > + g_free(ctx->iv); > + g_free(ctx->ctx); > + g_free(ctx->ctx_tweak); > + g_free(ctx); > + } > g_free(cipher); > } ...this change is not needed Regards, Daniel --=20 |: http://berrange.com -o- http://www.flickr.com/photos/dberrange= / :| |: http://libvirt.org -o- http://virt-manager.or= g :| |: http://entangle-photo.org -o- http://search.cpan.org/~danberr= / :|