diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2011-01-20 19:29:43 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-01-20 19:29:43 -0500 |
| commit | 069b6143378a17d44854619c1062393b361ebfe1 (patch) | |
| tree | ae86f4e053a690493aef048c6dc3f4bc7a5e3bec | |
| parent | b06ae1ead2915860bb49331e0588aab326801f71 (diff) | |
| parent | 154a96bfcd53b8e5020718c64769e542c44788b9 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
trusted-keys: avoid scattring va_end()
trusted-keys: check for NULL before using it
trusted-keys: another free memory bugfix
trusted-keys: free memory bugfix
| -rw-r--r-- | security/keys/trusted_defined.c | 51 |
1 files changed, 28 insertions, 23 deletions
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index 975e9f29a52c..2836c6dc18a3 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c | |||
| @@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, | |||
| 101 | if (dlen == 0) | 101 | if (dlen == 0) |
| 102 | break; | 102 | break; |
| 103 | data = va_arg(argp, unsigned char *); | 103 | data = va_arg(argp, unsigned char *); |
| 104 | if (data == NULL) | 104 | if (data == NULL) { |
| 105 | return -EINVAL; | 105 | ret = -EINVAL; |
| 106 | break; | ||
| 107 | } | ||
| 106 | ret = crypto_shash_update(&sdesc->shash, data, dlen); | 108 | ret = crypto_shash_update(&sdesc->shash, data, dlen); |
| 107 | if (ret < 0) | 109 | if (ret < 0) |
| 108 | goto out; | 110 | break; |
| 109 | } | 111 | } |
| 110 | va_end(argp); | 112 | va_end(argp); |
| 111 | if (!ret) | 113 | if (!ret) |
| @@ -146,14 +148,17 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, | |||
| 146 | if (dlen == 0) | 148 | if (dlen == 0) |
| 147 | break; | 149 | break; |
| 148 | data = va_arg(argp, unsigned char *); | 150 | data = va_arg(argp, unsigned char *); |
| 149 | ret = crypto_shash_update(&sdesc->shash, data, dlen); | 151 | if (!data) { |
| 150 | if (ret < 0) { | 152 | ret = -EINVAL; |
| 151 | va_end(argp); | 153 | break; |
| 152 | goto out; | ||
| 153 | } | 154 | } |
| 155 | ret = crypto_shash_update(&sdesc->shash, data, dlen); | ||
| 156 | if (ret < 0) | ||
| 157 | break; | ||
| 154 | } | 158 | } |
| 155 | va_end(argp); | 159 | va_end(argp); |
| 156 | ret = crypto_shash_final(&sdesc->shash, paramdigest); | 160 | if (!ret) |
| 161 | ret = crypto_shash_final(&sdesc->shash, paramdigest); | ||
| 157 | if (!ret) | 162 | if (!ret) |
| 158 | ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, | 163 | ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE, |
| 159 | paramdigest, TPM_NONCE_SIZE, h1, | 164 | paramdigest, TPM_NONCE_SIZE, h1, |
| @@ -222,13 +227,12 @@ static int TSS_checkhmac1(unsigned char *buffer, | |||
| 222 | break; | 227 | break; |
| 223 | dpos = va_arg(argp, unsigned int); | 228 | dpos = va_arg(argp, unsigned int); |
| 224 | ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); | 229 | ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); |
| 225 | if (ret < 0) { | 230 | if (ret < 0) |
| 226 | va_end(argp); | 231 | break; |
| 227 | goto out; | ||
| 228 | } | ||
| 229 | } | 232 | } |
| 230 | va_end(argp); | 233 | va_end(argp); |
| 231 | ret = crypto_shash_final(&sdesc->shash, paramdigest); | 234 | if (!ret) |
| 235 | ret = crypto_shash_final(&sdesc->shash, paramdigest); | ||
| 232 | if (ret < 0) | 236 | if (ret < 0) |
| 233 | goto out; | 237 | goto out; |
| 234 | 238 | ||
| @@ -316,13 +320,12 @@ static int TSS_checkhmac2(unsigned char *buffer, | |||
| 316 | break; | 320 | break; |
| 317 | dpos = va_arg(argp, unsigned int); | 321 | dpos = va_arg(argp, unsigned int); |
| 318 | ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); | 322 | ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen); |
| 319 | if (ret < 0) { | 323 | if (ret < 0) |
| 320 | va_end(argp); | 324 | break; |
| 321 | goto out; | ||
| 322 | } | ||
| 323 | } | 325 | } |
| 324 | va_end(argp); | 326 | va_end(argp); |
| 325 | ret = crypto_shash_final(&sdesc->shash, paramdigest); | 327 | if (!ret) |
| 328 | ret = crypto_shash_final(&sdesc->shash, paramdigest); | ||
| 326 | if (ret < 0) | 329 | if (ret < 0) |
| 327 | goto out; | 330 | goto out; |
| 328 | 331 | ||
| @@ -511,7 +514,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, | |||
| 511 | /* get session for sealing key */ | 514 | /* get session for sealing key */ |
| 512 | ret = osap(tb, &sess, keyauth, keytype, keyhandle); | 515 | ret = osap(tb, &sess, keyauth, keytype, keyhandle); |
| 513 | if (ret < 0) | 516 | if (ret < 0) |
| 514 | return ret; | 517 | goto out; |
| 515 | dump_sess(&sess); | 518 | dump_sess(&sess); |
| 516 | 519 | ||
| 517 | /* calculate encrypted authorization value */ | 520 | /* calculate encrypted authorization value */ |
| @@ -519,11 +522,11 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, | |||
| 519 | memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE); | 522 | memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE); |
| 520 | ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); | 523 | ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); |
| 521 | if (ret < 0) | 524 | if (ret < 0) |
| 522 | return ret; | 525 | goto out; |
| 523 | 526 | ||
| 524 | ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE); | 527 | ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE); |
| 525 | if (ret < 0) | 528 | if (ret < 0) |
| 526 | return ret; | 529 | goto out; |
| 527 | ordinal = htonl(TPM_ORD_SEAL); | 530 | ordinal = htonl(TPM_ORD_SEAL); |
| 528 | datsize = htonl(datalen); | 531 | datsize = htonl(datalen); |
| 529 | pcrsize = htonl(pcrinfosize); | 532 | pcrsize = htonl(pcrinfosize); |
| @@ -552,7 +555,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, | |||
| 552 | &datsize, datalen, data, 0, 0); | 555 | &datsize, datalen, data, 0, 0); |
| 553 | } | 556 | } |
| 554 | if (ret < 0) | 557 | if (ret < 0) |
| 555 | return ret; | 558 | goto out; |
| 556 | 559 | ||
| 557 | /* build and send the TPM request packet */ | 560 | /* build and send the TPM request packet */ |
| 558 | INIT_BUF(tb); | 561 | INIT_BUF(tb); |
| @@ -572,7 +575,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, | |||
| 572 | 575 | ||
| 573 | ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); | 576 | ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); |
| 574 | if (ret < 0) | 577 | if (ret < 0) |
| 575 | return ret; | 578 | goto out; |
| 576 | 579 | ||
| 577 | /* calculate the size of the returned Blob */ | 580 | /* calculate the size of the returned Blob */ |
| 578 | sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t)); | 581 | sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t)); |
| @@ -591,6 +594,8 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, | |||
| 591 | memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize); | 594 | memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize); |
| 592 | *bloblen = storedsize; | 595 | *bloblen = storedsize; |
| 593 | } | 596 | } |
| 597 | out: | ||
| 598 | kfree(td); | ||
| 594 | return ret; | 599 | return ret; |
| 595 | } | 600 | } |
| 596 | 601 | ||