On Thu, 2021-04-29 at 14:37 -0400, Ben Boeckel wrote:
> From: Ben Boeckel <mathstuf@xxxxxxxxx>
>
> The `tpm_get_ops` call at the beginning of the function is not paired
> with a `tpm_put_ops` on this return path.
>
> Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key
> format for the blobs")
> Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Signed-off-by: Ben Boeckel <mathstuf@xxxxxxxxx>
> ---
> security/keys/trusted-keys/trusted_tpm2.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/security/keys/trusted-keys/trusted_tpm2.c
> b/security/keys/trusted-keys/trusted_tpm2.c
> index 617fabd4d913..25c2c4d564de 100644
> --- a/security/keys/trusted-keys/trusted_tpm2.c
> +++ b/security/keys/trusted-keys/trusted_tpm2.c
> @@ -335,8 +335,10 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
> else
> rc = -EPERM;
> }
> - if (blob_len < 0)
> + if (blob_len < 0) {
> + tpm_put_ops(chip);
> return blob_len;
> + }
>
> payload->blob_len = blob_len;
>
Actually, I think this is a better fix to avoid multiple put and
returns.
James
---
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index d225ad140960..cbf2a932577b 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -336,9 +336,9 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
rc = -EPERM;
}
if (blob_len < 0)
- return blob_len;
-
- payload->blob_len = blob_len;
+ rc = blob_len;
+ else
+ payload->blob_len = blob_len;
tpm_put_ops(chip);
return rc;
