diff options
| author | Eric Biggers <ebiggers@google.com> | 2019-05-22 12:42:29 -0700 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2019-05-30 15:25:57 +0800 |
| commit | 7829a0c1cb9c80debfb4fdb49b4d90019f2ea1ac (patch) | |
| tree | f15fd92cbf013eb8e31c422457593b674e46aae1 | |
| parent | 9c5b34c2f7eb01976a5aa29ccdb786a634e3d1e0 (diff) | |
| download | linux-next-7829a0c1cb9c80debfb4fdb49b4d90019f2ea1ac.tar.gz | |
crypto: hmac - fix memory leak in hmac_init_tfm()
When I added the sanity check of 'descsize', I missed that the child
hash tfm needs to be freed if the sanity check fails. Of course this
should never happen, hence the use of WARN_ON(), but it should be fixed.
Fixes: e1354400b25d ("crypto: hash - fix incorrect HASH_MAX_DESCSIZE")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| -rw-r--r-- | crypto/hmac.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/hmac.c b/crypto/hmac.c index 241b1868c1d0..ac8c611ee33e 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c @@ -157,8 +157,10 @@ static int hmac_init_tfm(struct crypto_tfm *tfm) parent->descsize = sizeof(struct shash_desc) + crypto_shash_descsize(hash); - if (WARN_ON(parent->descsize > HASH_MAX_DESCSIZE)) + if (WARN_ON(parent->descsize > HASH_MAX_DESCSIZE)) { + crypto_free_shash(hash); return -EINVAL; + } ctx->hash = hash; return 0; |