aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMilan Broz <mbroz@redhat.com>2012-06-28 11:26:02 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2012-07-10 23:06:13 -0400
commitbf084d8f6eb4ded3f90a6ab79bb682db00ebfbd4 (patch)
tree6852997847517657887a88b7dc84f227d5bf094e
parent82c2f9607b8a4667e9d89613478748f4e2b7288b (diff)
crypto: aesni-intel - fix wrong kfree pointer
kfree(new_key_mem) in rfc4106_set_key() should be called on malloced pointer, not on aligned one, otherwise it can cause invalid pointer on free. (Seen at least once when running tcrypt tests with debug kernel.) Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--arch/x86/crypto/aesni-intel_glue.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
index d6626152067d..34fdcff4d2c8 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -529,7 +529,7 @@ static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
529 struct crypto_aead *cryptd_child = cryptd_aead_child(ctx->cryptd_tfm); 529 struct crypto_aead *cryptd_child = cryptd_aead_child(ctx->cryptd_tfm);
530 struct aesni_rfc4106_gcm_ctx *child_ctx = 530 struct aesni_rfc4106_gcm_ctx *child_ctx =
531 aesni_rfc4106_gcm_ctx_get(cryptd_child); 531 aesni_rfc4106_gcm_ctx_get(cryptd_child);
532 u8 *new_key_mem = NULL; 532 u8 *new_key_align, *new_key_mem = NULL;
533 533
534 if (key_len < 4) { 534 if (key_len < 4) {
535 crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); 535 crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
@@ -553,9 +553,9 @@ static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
553 if (!new_key_mem) 553 if (!new_key_mem)
554 return -ENOMEM; 554 return -ENOMEM;
555 555
556 new_key_mem = PTR_ALIGN(new_key_mem, AESNI_ALIGN); 556 new_key_align = PTR_ALIGN(new_key_mem, AESNI_ALIGN);
557 memcpy(new_key_mem, key, key_len); 557 memcpy(new_key_align, key, key_len);
558 key = new_key_mem; 558 key = new_key_align;
559 } 559 }
560 560
561 if (!irq_fpu_usable()) 561 if (!irq_fpu_usable())