From 7efd95f6270e210be90b94466bd3405b81e8d667 Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Sun, 23 Jan 2011 18:56:36 +1100 Subject: crypto: aesni-intel - Don't leak memory in rfc4106_set_hash_subkey There's a small memory leak in arch/x86/crypto/aesni-intel_glue.c::rfc4106_set_hash_subkey(). If the call to kmalloc() fails and returns NULL then the memory allocated previously by ablkcipher_request_alloc() is not freed when we leave the function. I could have just added a call to ablkcipher_request_free() before we return -ENOMEM, but that started to look too much like the code we already had at the end of the function, so I chose instead to rework the code a bit so that there are now a few labels at the end that we goto when various allocations fail, so we don't have to repeat the same blocks of code (this also reduces the object code size slightly). Signed-off-by: Jesper Juhl Signed-off-by: Herbert Xu --- arch/x86/crypto/aesni-intel_glue.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'arch') diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c index e1e60c7d581..e0135526345 100644 --- a/arch/x86/crypto/aesni-intel_glue.c +++ b/arch/x86/crypto/aesni-intel_glue.c @@ -873,21 +873,19 @@ rfc4106_set_hash_subkey(u8 *hash_subkey, const u8 *key, unsigned int key_len) crypto_ablkcipher_clear_flags(ctr_tfm, ~0); ret = crypto_ablkcipher_setkey(ctr_tfm, key, key_len); - if (ret) { - crypto_free_ablkcipher(ctr_tfm); - return ret; - } + if (ret) + goto out; req = ablkcipher_request_alloc(ctr_tfm, GFP_KERNEL); if (!req) { - crypto_free_ablkcipher(ctr_tfm); - return -EINVAL; + ret = -EINVAL; + goto out_free_ablkcipher; } req_data = kmalloc(sizeof(*req_data), GFP_KERNEL); if (!req_data) { - crypto_free_ablkcipher(ctr_tfm); - return -ENOMEM; + ret = -ENOMEM; + goto out_free_request; } memset(req_data->iv, 0, sizeof(req_data->iv)); @@ -913,9 +911,12 @@ rfc4106_set_hash_subkey(u8 *hash_subkey, const u8 *key, unsigned int key_len) if (!ret) ret = req_data->result.err; } +out_free_request: ablkcipher_request_free(req); kfree(req_data); +out_free_ablkcipher: crypto_free_ablkcipher(ctr_tfm); +out: return ret; } -- cgit v1.2.3-70-g09d2 From fc9044e2db8c13746cd886d6276028b27ed5c78e Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Wed, 16 Feb 2011 13:04:09 +1100 Subject: crypto: aesni-intel - Fix remaining leak in rfc4106_set_hash_key Fix up previous patch that failed to properly fix mem leak in rfc4106_set_hash_subkey(). This add-on patch; fixes the leak. moves kfree() out of the error path, returns -ENOMEM rather than -EINVAL when ablkcipher_request_alloc() fails. Signed-off-by: Jesper Juhl Signed-off-by: Herbert Xu --- arch/x86/crypto/aesni-intel_glue.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'arch') diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c index e0135526345..e0e6340c8da 100644 --- a/arch/x86/crypto/aesni-intel_glue.c +++ b/arch/x86/crypto/aesni-intel_glue.c @@ -874,19 +874,17 @@ rfc4106_set_hash_subkey(u8 *hash_subkey, const u8 *key, unsigned int key_len) ret = crypto_ablkcipher_setkey(ctr_tfm, key, key_len); if (ret) - goto out; + goto out_free_ablkcipher; + ret = -ENOMEM; req = ablkcipher_request_alloc(ctr_tfm, GFP_KERNEL); - if (!req) { - ret = -EINVAL; + if (!req) goto out_free_ablkcipher; - } req_data = kmalloc(sizeof(*req_data), GFP_KERNEL); - if (!req_data) { - ret = -ENOMEM; + if (!req_data) goto out_free_request; - } + memset(req_data->iv, 0, sizeof(req_data->iv)); /* Clear the data in the hash sub key container to zero.*/ @@ -911,12 +909,11 @@ rfc4106_set_hash_subkey(u8 *hash_subkey, const u8 *key, unsigned int key_len) if (!ret) ret = req_data->result.err; } + kfree(req_data); out_free_request: ablkcipher_request_free(req); - kfree(req_data); out_free_ablkcipher: crypto_free_ablkcipher(ctr_tfm); -out: return ret; } -- cgit v1.2.3-70-g09d2