crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

The starfive_aes_aead_do_one_req() function allocates rctx->adata with
kzalloc() but fails to free it if sg_copy_to_buffer() or
starfive_aes_hw_init() fails, which lead to memory leaks.

Since rctx->adata is unconditionally freed after the write_adata
operations, ensure consistent cleanup by freeing the allocation in these
earlier error paths as well.

Compile tested only. Issue found using a prototype static analysis tool
and code review.

Fixes: 7467147ef9bf ("crypto: starfive - Use dma for aes requests")
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/starfive/jh7110-aes.c b/drivers/crypto/starfive/jh7110-aes.c
index 426b24889af853a63cbe1c9850a205316418adb9..01195664cc7cd9954520c412610815550f74c6a0 100644 (file)
--- a/drivers/crypto/starfive/jh7110-aes.c
+++ b/drivers/crypto/starfive/jh7110-aes.c
@@ -669,8 +669,10 @@ static int starfive_aes_aead_do_one_req(struct crypto_engine *engine, void *areq
                        return -ENOMEM;
 
                if (sg_copy_to_buffer(req->src, sg_nents_for_len(req->src, cryp->assoclen),
-                                     rctx->adata, cryp->assoclen) != cryp->assoclen)
+                                     rctx->adata, cryp->assoclen) != cryp->assoclen) {
+                       kfree(rctx->adata);
                        return -EINVAL;
+               }
        }
 
        if (cryp->total_in)
@@ -681,8 +683,11 @@ static int starfive_aes_aead_do_one_req(struct crypto_engine *engine, void *areq
        ctx->rctx = rctx;
 
        ret = starfive_aes_hw_init(ctx);
-       if (ret)
+       if (ret) {
+               if (cryp->assoclen)
+                       kfree(rctx->adata);
                return ret;
+       }
 
        if (!cryp->assoclen)
                goto write_text;