1 | From ece550f51ba175c14ec3ec047815927d7386ea1f Mon Sep 17 00:00:00 2001 |
2 | From: Dan Carpenter <error27@gmail.com> | |
3 | Date: Tue, 19 Jan 2010 12:34:32 +0300 | |
4 | Subject: ecryptfs: use after free | |
5 | ||
6 | From: Dan Carpenter <error27@gmail.com> | |
7 | ||
8 | commit ece550f51ba175c14ec3ec047815927d7386ea1f upstream. | |
9 | ||
10 | The "full_alg_name" variable is used on a couple error paths, so we | |
11 | shouldn't free it until the end. | |
12 | ||
13 | Signed-off-by: Dan Carpenter <error27@gmail.com> | |
14 | Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> | |
15 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
16 | ||
17 | --- | |
18 | fs/ecryptfs/crypto.c | 4 ++-- | |
19 | 1 file changed, 2 insertions(+), 2 deletions(-) | |
20 | ||
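--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1748,7 +1748,7 @@ ecryptfs_process_key_cipher(struct crypt
 char *cipher_name, size_t *key_size)
 {
 char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
- char *full_alg_name;
+ char *full_alg_name = NULL;
 int rc;
 
 *key_tfm = NULL;
@@ -1763,7 +1763,6 @@ ecryptfs_process_key_cipher(struct crypt
 if (rc)
 goto out;
 *key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
- kfree(full_alg_name);
 if (IS_ERR(*key_tfm)) {
 rc = PTR_ERR(*key_tfm);
 printk(KERN_ERR "Unable to allocate crypto cipher with name "
@@ -1786,6 +1785,7 @@ ecryptfs_process_key_cipher(struct crypt
 goto out;
 }
 out:
+ kfree(full_alg_name);
 return rc;
 }
 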
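Review bot: With `kfree(full_alg_name)` moved to the `out:` label, every `goto out` now reaches the free, including the early `if (rc) goto out;` in the second hunk, which appears to follow the call that fills in `full_alg_name` (that call is outside the visible lines). This is safe only because of the new `= NULL` initialiser, and only if that helper leaves the pointer either NULL or pointing at a live allocation when it fails; a helper that freed its buffer without clearing the caller's pointer would turn the single exit free into a double free. I would record the ownership rule next to the declaration, for example `/* owned here; error messages below print it, so it is freed only at out: */`, so that an early `kfree()` is not reintroduced later. The function body begins before the first hunk and continues between the hunks, so the remaining error paths could not be checked from this page.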