Commit 35576eab authored Jan 17, 2011 by Tetsuo Handa Committed by James Morris Jan 19, 2011

trusted-keys: another free memory bugfix



TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and
forgot to call va_end() when crypto_shash_update() < 0.
Fix these bugs by escaping from the loop using "break"
(rather than "return"/"goto") in order to make sure that
va_end()/kfree() are always called.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

parent 40c10017

security/keys/trusted_defined.c

+5 −3

Original line number	Diff line number	Diff line
		@@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char digest, const unsigned char key,
		if (dlen == 0)
		break;
		data = va_arg(argp, unsigned char *);
		if (data == NULL)
		return -EINVAL;
		if (data == NULL) {
		ret = -EINVAL;
		break;
		}
		ret = crypto_shash_update(&sdesc->shash, data, dlen);
		if (ret < 0)
		goto out;
		break;
		}
		va_end(argp);
		if (!ret)