pknock: fix return values and memleak in has_secret

First, there is a memory leak - when the crypto functions fail,
hexresult was not freed. Second, in that error case, the return value
is simply passed up to the caller, ignoring the different meanings of
0 and 1 between crypto and pknock.

diff --git a/extensions/xt_pknock.c b/extensions/xt_pknock.c
index 1f9e3d8780f3e317bcf6dee977126a81e04065ee..a24303c64179898fc936cf6e7c10361b55b18c6f 100644 (file)
--- a/extensions/xt_pknock.c
+++ b/extensions/xt_pknock.c
@@ -737,7 +737,8 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
        ret = crypto_hash_setkey(crypto.tfm, secret, secret_len);
        if (ret) {
                printk("crypto_hash_setkey() failed ret=%d\n", ret);
-               return ret;
+               ret = 0;
+               goto out;
        }
 
        /*
@@ -748,20 +749,19 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
        ret = crypto_hash_digest(&crypto.desc, sg, 8, result);
        if (ret) {
                printk("crypto_hash_digest() failed ret=%d\n", ret);
-               return ret;
+               ret = 0;
+               goto out;
        }
 
        crypt_to_hex(hexresult, result, crypto.size);
 
        if (memcmp(hexresult, payload, hexa_size) != 0) {
                pr_debug("secret match failed\n");
-               goto out;
+               ret = 0;
        }
 
-       ret = 1;
-
-out:
-       if (hexresult != NULL) kfree(hexresult);
+ out:
+       kfree(hexresult);
        return ret;
 }