diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-01-16 19:22:47 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-01-18 17:53:53 -0500 |
commit | 35576eab390df313095306e2a8216134910e7014 (patch) | |
tree | c35b52f6797ce69091c3e3bc596783f45e19496a /security/keys | |
parent | 40c1001792de63e0f90e977eb05393fd71f78692 (diff) |
trusted-keys: another free memory bugfix
TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and
forgot to call va_end() when crypto_shash_update() < 0.
Fix these bugs by escaping from the loop using "break"
(rather than "return"/"goto") in order to make sure that
va_end()/kfree() are always called.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys')
-rw-r--r-- | security/keys/trusted_defined.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index 932f8687df16..7b2179589063 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c | |||
@@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, | |||
101 | if (dlen == 0) | 101 | if (dlen == 0) |
102 | break; | 102 | break; |
103 | data = va_arg(argp, unsigned char *); | 103 | data = va_arg(argp, unsigned char *); |
104 | if (data == NULL) | 104 | if (data == NULL) { |
105 | return -EINVAL; | 105 | ret = -EINVAL; |
106 | break; | ||
107 | } | ||
106 | ret = crypto_shash_update(&sdesc->shash, data, dlen); | 108 | ret = crypto_shash_update(&sdesc->shash, data, dlen); |
107 | if (ret < 0) | 109 | if (ret < 0) |
108 | goto out; | 110 | break; |
109 | } | 111 | } |
110 | va_end(argp); | 112 | va_end(argp); |
111 | if (!ret) | 113 | if (!ret) |