Re: [PATCH] crypto: ixp4xx - Fix error handling path in 'aead_perform()'

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jul 19, 2017 at 11:47 PM, Christophe JAILLET
<christophe.jaillet@xxxxxxxxxx> wrote:
> In commit 0f987e25cb8a, the source processing has been moved in front of
> the destination processing, but the error handling path has not been
> modified accordingly.
> Free resources in the correct order to avoid some leaks.
>
> Fixes: 0f987e25cb8a ("crypto: ixp4xx - Fix false lastlen uninitialised warning")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>

Thanks for spotting my mistake!

I've looked at it again and think it's unfortunately still wrong with
your patch,
as there is a 'goto free_buf_src' after dma_pool_alloc(), and that now needs
to jump to free_buf_dst instead. We may also need an extra check to make
sure we don't free an uninitialized pointer again.

Can you have a look at this version below and send whatever you find
to be correct in the end?

Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>

diff --git a/drivers/crypto/ixp4xx_crypto.c b/drivers/crypto/ixp4xx_crypto.c
index 427cbe012729..08b740dddb20 100644
--- a/drivers/crypto/ixp4xx_crypto.c
+++ b/drivers/crypto/ixp4xx_crypto.c
@@ -1073,7 +1073,7 @@ static int aead_perform(struct aead_request
*req, int encrypt,
                req_ctx->hmac_virt = dma_pool_alloc(buffer_pool, flags,
                                &crypt->icv_rev_aes);
                if (unlikely(!req_ctx->hmac_virt))
-                       goto free_buf_src;
+                       goto free_buf_dst;
                if (!encrypt) {
                        scatterwalk_map_and_copy(req_ctx->hmac_virt,
                                req->src, cryptlen, authsize, 0);
@@ -1088,10 +1088,11 @@ static int aead_perform(struct aead_request
*req, int encrypt,
        BUG_ON(qmgr_stat_overflow(SEND_QID));
        return -EINPROGRESS;

+free_buf_dst:
+       if (crypt->dst)
+               free_buf_chain(dev, req_ctx->dst, crypt->dst_buf);
 free_buf_src:
        free_buf_chain(dev, req_ctx->src, crypt->src_buf);
-free_buf_dst:
-       free_buf_chain(dev, req_ctx->dst, crypt->dst_buf);
        crypt->ctl_flags = CTL_FLAG_UNUSED;
        return -ENOMEM;
 }



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux