[thirdparty/kernel/stable-queue.git] / releases / 2.6.32.6 / ecryptfs-use-after-free.patch

From ece550f51ba175c14ec3ec047815927d7386ea1f Mon Sep 17 00:00:00 2001
From: Dan Carpenter <error27@gmail.com>
Date: Tue, 19 Jan 2010 12:34:32 +0300
Subject: ecryptfs: use after free

From: Dan Carpenter <error27@gmail.com>

commit ece550f51ba175c14ec3ec047815927d7386ea1f upstream.

The "full_alg_name" variable is used on a couple error paths, so we
shouldn't free it until the end.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 fs/ecryptfs/crypto.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -1748,7 +1748,7 @@ ecryptfs_process_key_cipher(struct crypt
 			    char *cipher_name, size_t *key_size)
 {
 	char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
-	char *full_alg_name;
+	char *full_alg_name = NULL;
 	int rc;
 
 	*key_tfm = NULL;
@@ -1763,7 +1763,6 @@ ecryptfs_process_key_cipher(struct crypt
 	if (rc)
 		goto out;
 	*key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
-	kfree(full_alg_name);
 	if (IS_ERR(*key_tfm)) {
 		rc = PTR_ERR(*key_tfm);
 		printk(KERN_ERR "Unable to allocate crypto cipher with name "
@@ -1786,6 +1785,7 @@ ecryptfs_process_key_cipher(struct crypt
 		goto out;
 	}
 out:
+	kfree(full_alg_name);
 	return rc;
 }
Commit	Line	Data
95cba770 GKH	1	From ece550f51ba175c14ec3ec047815927d7386ea1f Mon Sep 17 00:00:00 2001
	2	From: Dan Carpenter <error27@gmail.com>
	3	Date: Tue, 19 Jan 2010 12:34:32 +0300
	4	Subject: ecryptfs: use after free
	5
	6	From: Dan Carpenter <error27@gmail.com>
	7
	8	commit ece550f51ba175c14ec3ec047815927d7386ea1f upstream.
	9
	10	The "full_alg_name" variable is used on a couple error paths, so we
	11	shouldn't free it until the end.
	12
	13	Signed-off-by: Dan Carpenter <error27@gmail.com>
	14	Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
	15	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	16
	17	---
	18	fs/ecryptfs/crypto.c \| 4 ++--
	19	1 file changed, 2 insertions(+), 2 deletions(-)
	20
	21	--- a/fs/ecryptfs/crypto.c
	22	+++ b/fs/ecryptfs/crypto.c
	23	@@ -1748,7 +1748,7 @@ ecryptfs_process_key_cipher(struct crypt
	24	char cipher_name, size_t key_size)
	25	{
	26	char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
	27	- char *full_alg_name;
	28	+ char *full_alg_name = NULL;
	29	int rc;
	30
	31	*key_tfm = NULL;
	32	@@ -1763,7 +1763,6 @@ ecryptfs_process_key_cipher(struct crypt
	33	if (rc)
	34	goto out;
	35	*key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
	36	- kfree(full_alg_name);
	37	if (IS_ERR(*key_tfm)) {
	38	rc = PTR_ERR(*key_tfm);
	39	printk(KERN_ERR "Unable to allocate crypto cipher with name "
	40	@@ -1786,6 +1785,7 @@ ecryptfs_process_key_cipher(struct crypt
	41	goto out;
	42	}
	43	out:
	44	+ kfree(full_alg_name);
	45	return rc;
	46	}
	47