Re: [PATCH] crypto: af_alg/hash: Fix uninit-value access in af_alg_free_sg()

From: David Howells
Date: Wed Jan 03 2024 - 10:37:17 EST

Next message: Rafael J. Wysocki: "Re: [PATCH 3/3] ACPI: cpufreq: Add ITMT support when CPPC enabled for Zhaoxin CPUs"
Previous message: H. Peter Anvin: "Re: x86 SGDT emulation for Wine"
In reply to: xingwei lee: "Re: [PATCH] crypto: af_alg/hash: Fix uninit-value access in af_alg_free_sg()"
Next in thread: Herbert Xu: "Re: [PATCH] crypto: af_alg/hash: Fix uninit-value access in af_alg_free_sg()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> Anyway, I think we should fix it by adding a new goto label that
> does not free the SG list:
>
> unlock_free:
> af_alg_free_sg(&ctx->sgl);
> <--- Add new label here
> hash_free_result(sk, ctx);
> ctx->more = false;
> goto unlock;

Hmmm... Is that going to get you a potential memory leak?

ctx->sgl.sgt.sgl could (in theory) point to an allocated table. I guess that
would be cleaned up by af_alg_free_areq_sgls(), so there's probably no leak
there.

OTOH, af_alg_free_areq_sgls() is going to call af_alg_free_sg(), so maybe we
want to initialise sgl->sgt.sgl to NULL as well.

Does it make sense just to clear *ctx entirely in hash_accept_parent_nokey()?

David

Next message: Rafael J. Wysocki: "Re: [PATCH 3/3] ACPI: cpufreq: Add ITMT support when CPPC enabled for Zhaoxin CPUs"
Previous message: H. Peter Anvin: "Re: x86 SGDT emulation for Wine"
In reply to: xingwei lee: "Re: [PATCH] crypto: af_alg/hash: Fix uninit-value access in af_alg_free_sg()"
Next in thread: Herbert Xu: "Re: [PATCH] crypto: af_alg/hash: Fix uninit-value access in af_alg_free_sg()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]