trusted-keys: another free memory bugfix
Tetsuo Handa [Mon, 17 Jan 2011 00:22:47 +0000 (09:22 +0900)]
TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and
forgot to call va_end() when crypto_shash_update() < 0.
Fix these bugs by escaping from the loop using "break"
(rather than "return"/"goto") in order to make sure that
va_end()/kfree() are always called.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

security/keys/trusted_defined.c

index 932f868..7b21795 100644 (file)
@@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
                if (dlen == 0)
                        break;
                data = va_arg(argp, unsigned char *);
-               if (data == NULL)
-                       return -EINVAL;
+               if (data == NULL) {
+                       ret = -EINVAL;
+                       break;
+               }
                ret = crypto_shash_update(&sdesc->shash, data, dlen);
                if (ret < 0)
-                       goto out;
+                       break;
        }
        va_end(argp);
        if (!ret)