From patchwork Thu Feb 24 19:09:12 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Denis Glazkov <d.glazkov@omp.ru>
X-Patchwork-Id: 545659
Return-Path: <linux-crypto-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
 by smtp.lore.kernel.org (Postfix) with ESMTP id 04BF2C433EF
 for <linux-crypto@archiver.kernel.org>; Thu, 24 Feb 2022 19:15:02 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S233324AbiBXTPa convert rfc822-to-8bit (ORCPT
 <rfc822;linux-crypto@archiver.kernel.org>);
 Thu, 24 Feb 2022 14:15:30 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34954 "EHLO
 lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S232615AbiBXTP3 (ORCPT
 <rfc822;linux-crypto@vger.kernel.org>);
 Thu, 24 Feb 2022 14:15:29 -0500
X-Greylist: delayed 344 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; 
 Thu, 24 Feb 2022 11:14:59 PST
Received: from mxout03.lancloud.ru (mxout03.lancloud.ru [45.84.86.113])
 by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 93CF422BE82;
 Thu, 24 Feb 2022 11:14:59 -0800 (PST)
Received: from LanCloud
DKIM-Filter: OpenDKIM Filter v2.11.0 mxout03.lancloud.ru 5AD592061832
Received: from LanCloud
Received: from LanCloud
Received: from LanCloud
Received: from LanCloud
From: Denis Glazkov <d.glazkov@omp.ru>
CC: Denis Glazkov <d.glazkov@omp.ru>, David Howells <dhowells@redhat.com>,
 Herbert Xu <herbert@gondor.apana.org.au>,
 "David S. Miller" <davem@davemloft.net>,
 "keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
 "linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
 "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: [PATCH] PKCS#7: fix a possible memory leak when calculating the digest
Thread-Topic: [PATCH] PKCS#7: fix a possible memory leak when calculating the
 digest
Thread-Index: AQHYKbICJzAkgBxFjE+vdE8nJ6DgIg==
Date: Thu, 24 Feb 2022 19:09:12 +0000
Message-ID: <20220224190838.144388-1-d.glazkov@omp.ru>
Accept-Language: ru-RU, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [192.168.11.137]
MIME-Version: 1.0
To: unlisted-recipients:; (no To-header on input)
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

In function `pkcs7_digest`, if there is an error allocating memory
for the `shash_desc` structure, the public key signature digest
remains unfreed.

Signed-off-by: Denis Glazkov <d.glazkov@omp.ru>
---
 crypto/asymmetric_keys/pkcs7_verify.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 0b4d07aa8811..e6f648dcc02a 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -50,7 +50,7 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
 	ret = -ENOMEM;
 	sig->digest = kmalloc(sig->digest_size, GFP_KERNEL);
 	if (!sig->digest)
-		goto error_no_desc;
+		goto error_no_digest;
 
 	desc = kzalloc(desc_size, GFP_KERNEL);
 	if (!desc)
@@ -117,6 +117,8 @@ static int pkcs7_digest(struct pkcs7_message *pkcs7,
 error:
 	kfree(desc);
 error_no_desc:
+	kfree(sig->digest);
+error_no_digest:
 	crypto_free_shash(tfm);
 	kleave(" = %d", ret);
 	return ret;