[PATCH] net: tls: fix a memory leak bug

From: Wenwen Wang
Date: Wed Apr 24 2019 - 16:18:23 EST

Next message: Matthew Wilcox: "Re: [PATCH] mm: Allow userland to request that the kernel clear memory on release"
Previous message: Dave Airlie: "Re: [PATCH 1/2] drm/doc: Allow new UAPI to be used once it's in the driver's -next."
Next in thread: Jakub Kicinski: "Re: [PATCH] net: tls: fix a memory leak bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In decrypt_internal(), a memory block 'mem' is allocated through kmalloc()
to hold aead_req, sgin[], sgout[], aad, and iv. This memory block should be
freed after it is used, before this function is returned. However, if the
return value of the function invocation of tls_do_decryption() is
-EINPROGRESS, this memory block is actually not freed, which is a memory
leak bug.

To fix this issue, free the allocated block before the error code
-EINPROGRESS is returned.

Signed-off-by: Wenwen Wang <wang6495@xxxxxxx>
---
net/tls/tls_sw.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index b50ced8..22445bb 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1445,8 +1445,10 @@ static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
/* Prepare and submit AEAD request */
err = tls_do_decryption(sk, skb, sgin, sgout, iv,
data_len, aead_req, async);
- if (err == -EINPROGRESS)
+ if (err == -EINPROGRESS) {
+ kfree(mem);
return err;
+ }

/* Release the pages in case iov was mapped to pages */
for (; pages > 0; pages--)
--
2.7.4

Next message: Matthew Wilcox: "Re: [PATCH] mm: Allow userland to request that the kernel clear memory on release"
Previous message: Dave Airlie: "Re: [PATCH 1/2] drm/doc: Allow new UAPI to be used once it's in the driver's -next."
Next in thread: Jakub Kicinski: "Re: [PATCH] net: tls: fix a memory leak bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]