From ac5f863f8c548ab72511213b30368cfc8007ae01 Mon Sep 17 00:00:00 2001 From: Christian Engelmayer Date: Mon, 21 Apr 2014 20:45:59 +0200 Subject: crypto: tcrypt - Fix potential leak in test_aead_speed() if aad_size is too big Fix a potential memory leak in the error handling of test_aead_speed(). In case the size check on the associate data length parameter fails, the function goes through the wrong exit label. Reported by Coverity - CID 1163870. Signed-off-by: Christian Engelmayer Acked-by: Tim Chen Signed-off-by: Herbert Xu --- crypto/tcrypt.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'crypto') diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 870be7b4dc05..1856d7ff2688 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -282,6 +282,11 @@ static void test_aead_speed(const char *algo, int enc, unsigned int sec, unsigned int *b_size; unsigned int iv_len; + if (aad_size >= PAGE_SIZE) { + pr_err("associate data length (%u) too big\n", aad_size); + return; + } + if (enc == ENCRYPT) e = "encryption"; else @@ -323,14 +328,7 @@ static void test_aead_speed(const char *algo, int enc, unsigned int sec, b_size = aead_sizes; do { assoc = axbuf[0]; - - if (aad_size < PAGE_SIZE) - memset(assoc, 0xff, aad_size); - else { - pr_err("associate data length (%u) too big\n", - aad_size); - goto out_nosg; - } + memset(assoc, 0xff, aad_size); sg_init_one(&asg[0], assoc, aad_size); if ((*keysize + *b_size) > TVMEMSIZE * PAGE_SIZE) { -- cgit v1.2.3