ecryptfs-devel team mailing list archive
-
ecryptfs-devel team
-
Mailing list archive
-
Message #00081
Re: [patch] ecryptfs: use after free
On 01/19/2010 03:34 AM, Dan Carpenter wrote:
> The "full_alg_name" variable is used on a couple error paths, so we
> shouldn't free it until the end.
>
> Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
> Cc: stable@xxxxxxxxxx
Thanks, Dan.
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6.git#next
>
> --- orig/fs/ecryptfs/crypto.c 2010-01-18 21:33:45.000000000 +0300
> +++ devel/fs/ecryptfs/crypto.c 2010-01-18 21:36:29.000000000 +0300
> @@ -1748,7 +1748,7 @@ ecryptfs_process_key_cipher(struct crypt
> char *cipher_name, size_t *key_size)
> {
> char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
> - char *full_alg_name;
> + char *full_alg_name = NULL;
> int rc;
>
> *key_tfm = NULL;
> @@ -1763,7 +1763,6 @@ ecryptfs_process_key_cipher(struct crypt
> if (rc)
> goto out;
> *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
> - kfree(full_alg_name);
> if (IS_ERR(*key_tfm)) {
> rc = PTR_ERR(*key_tfm);
> printk(KERN_ERR "Unable to allocate crypto cipher with name "
> @@ -1786,6 +1785,7 @@ ecryptfs_process_key_cipher(struct crypt
> goto out;
> }
> out:
> + kfree(full_alg_name);
> return rc;
> }
>