Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cf6d43ef authored by Sabrina Dubroca's avatar Sabrina Dubroca Committed by David S. Miller
Browse files

tls: fix sw_ctx leak 



During setsockopt(SOL_TCP, TLS_TX), if initialization of the software
context fails in tls_set_sw_offload(), we leak sw_ctx. We also don't
reassign ctx->priv_ctx to NULL, so we can't even do another attempt to
set it up on the same socket, as it will fail with -EEXIST.

Fixes: 3c4d7559 ('tls: kernel TLS support')
Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 6ab6dd9e

net/tls/tls_sw.c

+7 −5
Original line number Diff line number Diff line
@@ -681,18 +681,17 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) 
	}

	default:

		rc = -EINVAL;

		goto out;

		goto free_priv;

	}



	ctx->prepend_size = TLS_HEADER_SIZE + nonce_size;

	ctx->tag_size = tag_size;

	ctx->overhead_size = ctx->prepend_size + ctx->tag_size;

	ctx->iv_size = iv_size;

	ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE,

			  GFP_KERNEL);

	ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, GFP_KERNEL);

	if (!ctx->iv) {

		rc = -ENOMEM;

		goto out;

		goto free_priv;

	}

	memcpy(ctx->iv, gcm_128_info->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);

	memcpy(ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size);
@@ -740,7 +739,7 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) 


	rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tag_size);

	if (!rc)

		goto out;

		return 0;



free_aead:

	crypto_free_aead(sw_ctx->aead_send);
@@ -751,6 +750,9 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx) 
free_iv:

	kfree(ctx->iv);

	ctx->iv = NULL;

free_priv:

	kfree(ctx->priv_ctx);

	ctx->priv_ctx = NULL;

out:

	return rc;

}