diff options
| author | Gaosheng Cui <cuigaosheng1@huawei.com> | 2024-07-06 14:46:25 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-08-03 08:48:55 +0200 |
| commit | e6fc7bff223ce8a000e9fed4b1d688fe839764d5 (patch) | |
| tree | 06249d428499ccf7854eebc515e69ed19af03362 /drivers | |
| parent | 1d78d9625205a6f2d4d5841b87268b52e114a601 (diff) | |
| download | linux-e6fc7bff223ce8a000e9fed4b1d688fe839764d5.tar.gz linux-e6fc7bff223ce8a000e9fed4b1d688fe839764d5.tar.bz2 linux-e6fc7bff223ce8a000e9fed4b1d688fe839764d5.zip | |
nvmet-auth: fix nvmet_auth hash error handling
[ Upstream commit 89f58f96d1e2357601c092d85b40a2109cf25ef3 ]
If we fail to call nvme_auth_augmented_challenge, or fail to kmalloc
for shash, we should free the memory allocation for challenge, so add
err path out_free_challenge to fix the memory leak.
Fixes: 7a277c37d352 ("nvmet-auth: Diffie-Hellman key exchange support")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/nvme/target/auth.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c index e900525b7866..aacc05ec00c2 100644 --- a/drivers/nvme/target/auth.c +++ b/drivers/nvme/target/auth.c @@ -314,7 +314,7 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response, req->sq->dhchap_c1, challenge, shash_len); if (ret) - goto out_free_response; + goto out_free_challenge; } pr_debug("ctrl %d qid %d host response seq %u transaction %d\n", @@ -325,7 +325,7 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response, GFP_KERNEL); if (!shash) { ret = -ENOMEM; - goto out_free_response; + goto out_free_challenge; } shash->tfm = shash_tfm; ret = crypto_shash_init(shash); @@ -361,9 +361,10 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response, goto out; ret = crypto_shash_final(shash, response); out: + kfree(shash); +out_free_challenge: if (challenge != req->sq->dhchap_c1) kfree(challenge); - kfree(shash); out_free_response: kfree_sensitive(host_response); out_free_tfm: @@ -426,14 +427,14 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *response, req->sq->dhchap_c2, challenge, shash_len); if (ret) - goto out_free_response; + goto out_free_challenge; } shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(shash_tfm), GFP_KERNEL); if (!shash) { ret = -ENOMEM; - goto out_free_response; + goto out_free_challenge; } shash->tfm = shash_tfm; @@ -470,9 +471,10 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *response, goto out; ret = crypto_shash_final(shash, response); out: + kfree(shash); +out_free_challenge: if (challenge != req->sq->dhchap_c2) kfree(challenge); - kfree(shash); out_free_response: kfree_sensitive(ctrl_response); out_free_tfm: |