diff options
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2010-12-20 12:37:18 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2011-01-13 18:27:46 -0500 |
| commit | 40c1001792de63e0f90e977eb05393fd71f78692 (patch) | |
| tree | 7172e92ccefd8f4b8ee42401901ddab5bec687b5 /security | |
| parent | 581548db3b3c0f6e25b500329eb02e3c72e7acbe (diff) | |
trusted-keys: free memory bugfix
Add missing kfree(td) in tpm_seal() before the return, freeing
td on error paths as well.
Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: David Safford <safford@watson.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/keys/trusted_defined.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index 975e9f29a52c..932f8687df16 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c | |||
| @@ -511,7 +511,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, | |||
| 511 | /* get session for sealing key */ | 511 | /* get session for sealing key */ |
| 512 | ret = osap(tb, &sess, keyauth, keytype, keyhandle); | 512 | ret = osap(tb, &sess, keyauth, keytype, keyhandle); |
| 513 | if (ret < 0) | 513 | if (ret < 0) |
| 514 | return ret; | 514 | goto out; |
| 515 | dump_sess(&sess); | 515 | dump_sess(&sess); |
| 516 | 516 | ||
| 517 | /* calculate encrypted authorization value */ | 517 | /* calculate encrypted authorization value */ |
| @@ -519,11 +519,11 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, | |||
| 519 | memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE); | 519 | memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE); |
| 520 | ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); | 520 | ret = TSS_sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash); |
| 521 | if (ret < 0) | 521 | if (ret < 0) |
| 522 | return ret; | 522 | goto out; |
| 523 | 523 | ||
| 524 | ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE); | 524 | ret = tpm_get_random(tb, td->nonceodd, TPM_NONCE_SIZE); |
| 525 | if (ret < 0) | 525 | if (ret < 0) |
| 526 | return ret; | 526 | goto out; |
| 527 | ordinal = htonl(TPM_ORD_SEAL); | 527 | ordinal = htonl(TPM_ORD_SEAL); |
| 528 | datsize = htonl(datalen); | 528 | datsize = htonl(datalen); |
| 529 | pcrsize = htonl(pcrinfosize); | 529 | pcrsize = htonl(pcrinfosize); |
| @@ -552,7 +552,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, | |||
| 552 | &datsize, datalen, data, 0, 0); | 552 | &datsize, datalen, data, 0, 0); |
| 553 | } | 553 | } |
| 554 | if (ret < 0) | 554 | if (ret < 0) |
| 555 | return ret; | 555 | goto out; |
| 556 | 556 | ||
| 557 | /* build and send the TPM request packet */ | 557 | /* build and send the TPM request packet */ |
| 558 | INIT_BUF(tb); | 558 | INIT_BUF(tb); |
| @@ -572,7 +572,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, | |||
| 572 | 572 | ||
| 573 | ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); | 573 | ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); |
| 574 | if (ret < 0) | 574 | if (ret < 0) |
| 575 | return ret; | 575 | goto out; |
| 576 | 576 | ||
| 577 | /* calculate the size of the returned Blob */ | 577 | /* calculate the size of the returned Blob */ |
| 578 | sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t)); | 578 | sealinfosize = LOAD32(tb->data, TPM_DATA_OFFSET + sizeof(uint32_t)); |
| @@ -591,6 +591,8 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype, | |||
| 591 | memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize); | 591 | memcpy(blob, tb->data + TPM_DATA_OFFSET, storedsize); |
| 592 | *bloblen = storedsize; | 592 | *bloblen = storedsize; |
| 593 | } | 593 | } |
| 594 | out: | ||
| 595 | kfree(td); | ||
| 594 | return ret; | 596 | return ret; |
| 595 | } | 597 | } |
| 596 | 598 | ||