diff options
| author | Dan Carpenter <dan.carpenter@oracle.com> | 2020-12-03 11:44:31 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-12-08 10:40:26 +0100 |
| commit | 7c3894f695e487e13b2d599e3d3437ea6969c78d (patch) | |
| tree | 302a455660af9214238030ee7ffb8f49ac421ee9 /drivers/crypto | |
| parent | 178da08f9b5ba74a3bf5d8dc9eb66b111ceeb24a (diff) | |
| download | linux-7c3894f695e487e13b2d599e3d3437ea6969c78d.tar.gz linux-7c3894f695e487e13b2d599e3d3437ea6969c78d.tar.bz2 linux-7c3894f695e487e13b2d599e3d3437ea6969c78d.zip | |
chelsio/chtls: fix a double free in chtls_setkey()
[ Upstream commit 391119fb5c5c4bdb4d57c7ffeb5e8d18560783d1 ]
The "skb" is freed by the transmit code in cxgb4_ofld_send() and we
shouldn't use it again. But in the current code, if we hit an error
later on in the function then the clean up code will call kfree_skb(skb)
and so it causes a double free.
Set the "skb" to NULL and that makes the kfree_skb() a no-op.
Fixes: d25f2f71f653 ("crypto: chtls - Program the TLS session Key")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/X8ilb6PtBRLWiSHp@mwanda
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/crypto')
| -rw-r--r-- | drivers/crypto/chelsio/chtls/chtls_hw.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/crypto/chelsio/chtls/chtls_hw.c b/drivers/crypto/chelsio/chtls/chtls_hw.c index 3ef723e08953..753f4ba38f83 100644 --- a/drivers/crypto/chelsio/chtls/chtls_hw.c +++ b/drivers/crypto/chelsio/chtls/chtls_hw.c @@ -365,6 +365,7 @@ int chtls_setkey(struct chtls_sock *csk, u32 keylen, u32 optname) csk->wr_unacked += DIV_ROUND_UP(len, 16); enqueue_wr(csk, skb); cxgb4_ofld_send(csk->egress_dev, skb); + skb = NULL; chtls_set_scmd(csk); /* Clear quiesce for Rx key */ |