diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-01-16 19:22:47 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2011-01-18 17:53:53 -0500 |
| commit | 35576eab390df313095306e2a8216134910e7014 (patch) | |
| tree | c35b52f6797ce69091c3e3bc596783f45e19496a /security | |
| parent | 40c1001792de63e0f90e977eb05393fd71f78692 (diff) | |
trusted-keys: another free memory bugfix
TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and
forgot to call va_end() when crypto_shash_update() < 0.
Fix these bugs by escaping from the loop using "break"
(rather than "return"/"goto") in order to make sure that
va_end()/kfree() are always called.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/keys/trusted_defined.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index 932f8687df16..7b2179589063 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c | |||
| @@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, | |||
| 101 | if (dlen == 0) | 101 | if (dlen == 0) |
| 102 | break; | 102 | break; |
| 103 | data = va_arg(argp, unsigned char *); | 103 | data = va_arg(argp, unsigned char *); |
| 104 | if (data == NULL) | 104 | if (data == NULL) { |
| 105 | return -EINVAL; | 105 | ret = -EINVAL; |
| 106 | break; | ||
| 107 | } | ||
| 106 | ret = crypto_shash_update(&sdesc->shash, data, dlen); | 108 | ret = crypto_shash_update(&sdesc->shash, data, dlen); |
| 107 | if (ret < 0) | 109 | if (ret < 0) |
| 108 | goto out; | 110 | break; |
| 109 | } | 111 | } |
| 110 | va_end(argp); | 112 | va_end(argp); |
| 111 | if (!ret) | 113 | if (!ret) |