diff mbox series

gss_krb5: Fix memleak in krb5_make_rc4_seq_num

Message ID 20200827080252.26396-1-dinghao.liu@zju.edu.cn
State New
Headers show
Series gss_krb5: Fix memleak in krb5_make_rc4_seq_num | expand

Commit Message

Dinghao Liu Aug. 27, 2020, 8:02 a.m. UTC
When kmalloc() fails, cipher should be freed
just like when krb5_rc4_setup_seq_key() fails.

Fixes: e7afe6c1d486b ("sunrpc: fix 4 more call sites that were using stack memory with a scatterlist")
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
---
 net/sunrpc/auth_gss/gss_krb5_seqnum.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

J. Bruce Fields Aug. 29, 2020, 3:36 p.m. UTC | #1
This code is rarely if ever used, and there are pending patches to
remove it completely, so I don't think it's worth trying to fix a rare
memory leak at this point.

--b.

On Thu, Aug 27, 2020 at 04:02:50PM +0800, Dinghao Liu wrote:
> When kmalloc() fails, cipher should be freed
> just like when krb5_rc4_setup_seq_key() fails.
> 
> Fixes: e7afe6c1d486b ("sunrpc: fix 4 more call sites that were using stack memory with a scatterlist")
> Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
> ---
>  net/sunrpc/auth_gss/gss_krb5_seqnum.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/net/sunrpc/auth_gss/gss_krb5_seqnum.c b/net/sunrpc/auth_gss/gss_krb5_seqnum.c
> index 507105127095..88ca58d11082 100644
> --- a/net/sunrpc/auth_gss/gss_krb5_seqnum.c
> +++ b/net/sunrpc/auth_gss/gss_krb5_seqnum.c
> @@ -53,8 +53,10 @@ krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 seqnum,
>  		return PTR_ERR(cipher);
>  
>  	plain = kmalloc(8, GFP_NOFS);
> -	if (!plain)
> -		return -ENOMEM;
> +	if (!plain) {
> +		code = -ENOMEM;
> +		goto out;
> +	}
>  
>  	plain[0] = (unsigned char) ((seqnum >> 24) & 0xff);
>  	plain[1] = (unsigned char) ((seqnum >> 16) & 0xff);
> -- 
> 2.17.1
Ard Biesheuvel Aug. 31, 2020, 3:27 p.m. UTC | #2
On Sat, 29 Aug 2020 at 18:43, J. Bruce Fields <bfields@fieldses.org> wrote:
>
> This code is rarely if ever used, and there are pending patches to
> remove it completely, so I don't think it's worth trying to fix a rare
> memory leak at this point.
>
> --b.
>

FYI I just submitted v3 of my series removing this code to the
linux-crypto list, and so hopefully it will disappear in v5.10


> On Thu, Aug 27, 2020 at 04:02:50PM +0800, Dinghao Liu wrote:
> > When kmalloc() fails, cipher should be freed
> > just like when krb5_rc4_setup_seq_key() fails.
> >
> > Fixes: e7afe6c1d486b ("sunrpc: fix 4 more call sites that were using stack memory with a scatterlist")
> > Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
> > ---
> >  net/sunrpc/auth_gss/gss_krb5_seqnum.c | 6 ++++--
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/net/sunrpc/auth_gss/gss_krb5_seqnum.c b/net/sunrpc/auth_gss/gss_krb5_seqnum.c
> > index 507105127095..88ca58d11082 100644
> > --- a/net/sunrpc/auth_gss/gss_krb5_seqnum.c
> > +++ b/net/sunrpc/auth_gss/gss_krb5_seqnum.c
> > @@ -53,8 +53,10 @@ krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 seqnum,
> >               return PTR_ERR(cipher);
> >
> >       plain = kmalloc(8, GFP_NOFS);
> > -     if (!plain)
> > -             return -ENOMEM;
> > +     if (!plain) {
> > +             code = -ENOMEM;
> > +             goto out;
> > +     }
> >
> >       plain[0] = (unsigned char) ((seqnum >> 24) & 0xff);
> >       plain[1] = (unsigned char) ((seqnum >> 16) & 0xff);
> > --
> > 2.17.1
diff mbox series

Patch

diff --git a/net/sunrpc/auth_gss/gss_krb5_seqnum.c b/net/sunrpc/auth_gss/gss_krb5_seqnum.c
index 507105127095..88ca58d11082 100644
--- a/net/sunrpc/auth_gss/gss_krb5_seqnum.c
+++ b/net/sunrpc/auth_gss/gss_krb5_seqnum.c
@@ -53,8 +53,10 @@  krb5_make_rc4_seq_num(struct krb5_ctx *kctx, int direction, s32 seqnum,
 		return PTR_ERR(cipher);
 
 	plain = kmalloc(8, GFP_NOFS);
-	if (!plain)
-		return -ENOMEM;
+	if (!plain) {
+		code = -ENOMEM;
+		goto out;
+	}
 
 	plain[0] = (unsigned char) ((seqnum >> 24) & 0xff);
 	plain[1] = (unsigned char) ((seqnum >> 16) & 0xff);