Thread (175 messages) 175 messages, 3 authors, 2012-11-26

[ 161/171] libceph: fix crypto key null deref, memory leak

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: 2012-11-22 22:06:58
Also in: lkml 

3.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sylvain Munaut <redacted>

(cherry picked from commit f0666b1ac875ff32fe290219b150ec62eebbe10e)

Avoid crashing if the crypto key payload was NULL, as when it was not correctly
allocated and initialized.  Also, avoid leaking it.

Signed-off-by: Sylvain Munaut <redacted>
Signed-off-by: Sage Weil <redacted>
Reviewed-by: Alex Elder <redacted>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ceph/crypto.c |    1 +
 net/ceph/crypto.h |    3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -466,6 +466,7 @@ void ceph_key_destroy(struct key *key) {
 	struct ceph_crypto_key *ckey = key->payload.data;
 
 	ceph_crypto_key_destroy(ckey);
+	kfree(ckey);
 }
 
 struct key_type key_type_ceph = {
--- a/net/ceph/crypto.h
+++ b/net/ceph/crypto.h
@@ -16,7 +16,8 @@ struct ceph_crypto_key {
 
 static inline void ceph_crypto_key_destroy(struct ceph_crypto_key *key)
 {
-	kfree(key->key);
+	if (key)
+		kfree(key->key);
 }
 
 extern int ceph_crypto_key_clone(struct ceph_crypto_key *dst,
Related discussions
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help