ecryptfs-devel team mailing list archive

Re: [patch] ecryptfs: use after free

On 01/19/2010 03:34 AM, Dan Carpenter wrote:
> The "full_alg_name" variable is used on a couple error paths, so we
> shouldn't free it until the end.
> 
> Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
> Cc: stable@xxxxxxxxxx

Thanks, Dan.

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6.git#next

> 
> --- orig/fs/ecryptfs/crypto.c	2010-01-18 21:33:45.000000000 +0300
> +++ devel/fs/ecryptfs/crypto.c	2010-01-18 21:36:29.000000000 +0300
> @@ -1748,7 +1748,7 @@ ecryptfs_process_key_cipher(struct crypt
>  			    char *cipher_name, size_t *key_size)
>  {
>  	char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
> -	char *full_alg_name;
> +	char *full_alg_name = NULL;
>  	int rc;
> 
>  	*key_tfm = NULL;
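
Review bot: The `= NULL` initializer on full_alg_name is what makes the early `if (rc) goto out;` path (top of the next hunk) safe now that `out:` calls kfree(), but only if the call that sets rc leaves the pointer NULL or untouched when it fails. That call is outside the visible context, so please confirm it never leaves a stale or already-freed pointer in full_alg_name on error; otherwise the kfree() at `out:` turns into a double free or a free of garbage.
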
> @@ -1763,7 +1763,6 @@ ecryptfs_process_key_cipher(struct crypt
>  	if (rc)
>  		goto out;
>  	*key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
> -	kfree(full_alg_name);
>  	if (IS_ERR(*key_tfm)) {
>  		rc = PTR_ERR(*key_tfm);
>  		printk(KERN_ERR "Unable to allocate crypto cipher with name "
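
Review bot: The changelog says the name is used on "a couple error paths" without naming them, and the only candidate visible here is the printk() in the IS_ERR(*key_tfm) branch directly below the removed kfree(), whose arguments are cut off by the context. Since this is Cc'd to stable, it would help to state in the commit message which statements read full_alg_name after the old free, so backporters can check that their tree has the same uses.
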
> @@ -1786,6 +1785,7 @@ ecryptfs_process_key_cipher(struct crypt
>  		goto out;
>  	}
>  out:
> +	kfree(full_alg_name);
>  	return rc;
>  }
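
Review bot: With the kfree() moved under `out:`, that label is now the only place full_alg_name is released, so every exit from the function has to pass through it. The lines between the second hunk and this one are not shown; please check that none of them returns directly, because such a path would now leak the string where the old code had already freed it.
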
>