Re: [PATCH 1/3] trusted-keys: another free memory bugfix
From: Jesper Juhl
Date: Mon Jan 17 2011 - 13:35:05 EST
On Mon, 17 Jan 2011, Tetsuo Handa wrote:
> Resending in separated mails in case somebody missed that
> there was 3 patches in one mail.
> ----------------------------------------
> >From 94e965700f1e401408836d4aa782105483196842 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> Date: Mon, 17 Jan 2011 09:22:47 +0900
> Subject: [PATCH 1/3] trusted-keys: another free memory bugfix
>
> TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and
> forgot to call va_end() when crypto_shash_update() < 0.
> Fix these bugs by escaping from the loop using "break"
> (rather than "return"/"goto") in order to make sure that
> va_end()/kfree() are always called.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> ---
> security/keys/trusted_defined.c | 8 +++++---
> 1 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
> index 932f868..7b21795 100644
> --- a/security/keys/trusted_defined.c
> +++ b/security/keys/trusted_defined.c
> @@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
> if (dlen == 0)
> break;
> data = va_arg(argp, unsigned char *);
> - if (data == NULL)
> - return -EINVAL;
> + if (data == NULL) {
> + ret = -EINVAL;
> + break;
> + }
> ret = crypto_shash_update(&sdesc->shash, data, dlen);
> if (ret < 0)
> - goto out;
> + break;
> }
> va_end(argp);
> if (!ret)
>
Looks good to me.
Reviewed-by: Jesper Juhl <jj@xxxxxxxxxxxxx>
--
Jesper Juhl <jj@xxxxxxxxxxxxx> http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/