diff mbox series

PKCS#7: fix a possible memory leak when calculating the digest

Message ID 20220224190838.144388-1-d.glazkov@omp.ru (mailing list archive)
State New
Headers show
Series PKCS#7: fix a possible memory leak when calculating the digest | expand

Commit Message

Denis Glazkov Feb. 24, 2022, 7:09 p.m. UTC 
In function `pkcs7_digest`, if there is an error allocating memory
for the `shash_desc` structure, the public key signature digest
remains unfreed.

Signed-off-by: Denis Glazkov <d.glazkov@omp.ru>
---
 crypto/asymmetric_keys/pkcs7_verify.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Eric Biggers Feb. 24, 2022, 7:34 p.m. UTC | #1 
On Thu, Feb 24, 2022 at 07:09:12PM +0000, Denis Glazkov wrote:
> In function `pkcs7_digest`, if there is an error allocating memory
> for the `shash_desc` structure, the public key signature digest
> remains unfreed.
> 
> Signed-off-by: Denis Glazkov <d.glazkov@omp.ru>
> ---
>  crypto/asymmetric_keys/pkcs7_verify.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
> index 0b4d07aa8811..e6f648dcc02a 100644
> --- a/crypto/asymmetric_keys/pkcs7_verify.c
> +++ b/crypto/asymmetric_keys/pkcs7_verify.c
> @@ -50,7 +50,7 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
>  	ret = -ENOMEM;
>  	sig->digest = kmalloc(sig->digest_size, GFP_KERNEL);
>  	if (!sig->digest)
> -		goto error_no_desc;
> +		goto error_no_digest;
>  
>  	desc = kzalloc(desc_size, GFP_KERNEL);
>  	if (!desc)
> @@ -117,6 +117,8 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
>  error:
>  	kfree(desc);
>  error_no_desc:
> +	kfree(sig->digest);
> +error_no_digest:
>  	crypto_free_shash(tfm);
>  	kleave(" = %d", ret);
>  	return ret;
> -- 
> 2.25.1

Doesn't this introduce a double free?  public_key_signature_free() frees this
too.

- Eric
diff mbox series

Patch

diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 0b4d07aa8811..e6f648dcc02a 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -50,7 +50,7 @@  static int pkcs7_digest(struct pkcs7_message *pkcs7,
 	ret = -ENOMEM;
 	sig->digest = kmalloc(sig->digest_size, GFP_KERNEL);
 	if (!sig->digest)
-		goto error_no_desc;
+		goto error_no_digest;
 
 	desc = kzalloc(desc_size, GFP_KERNEL);
 	if (!desc)
@@ -117,6 +117,8 @@  static int pkcs7_digest(struct pkcs7_message *pkcs7,
 error:
 	kfree(desc);
 error_no_desc:
+	kfree(sig->digest);
+error_no_digest:
 	crypto_free_shash(tfm);
 	kleave(" = %d", ret);
 	return ret;