From 35576eab390df313095306e2a8216134910e7014 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Mon, 17 Jan 2011 09:22:47 +0900 Subject: trusted-keys: another free memory bugfix TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and forgot to call va_end() when crypto_shash_update() < 0. Fix these bugs by escaping from the loop using "break" (rather than "return"/"goto") in order to make sure that va_end()/kfree() are always called. Signed-off-by: Tetsuo Handa Reviewed-by: Jesper Juhl Acked-by: Mimi Zohar Acked-by: David Howells Signed-off-by: James Morris --- security/keys/trusted_defined.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index 932f868..7b21795 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c @@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, if (dlen == 0) break; data = va_arg(argp, unsigned char *); - if (data == NULL) - return -EINVAL; + if (data == NULL) { + ret = -EINVAL; + break; + } ret = crypto_shash_update(&sdesc->shash, data, dlen); if (ret < 0) - goto out; + break; } va_end(argp); if (!ret) -- cgit v1.1