diff mbox series

[FOCAL,CVE-2019-18808,1/2] crypto: ccp - Release all allocated memory if sha type is invalid

Message ID 9cf43d16e60089ef42556644381d438e3b531153.1597321688.git.william.gray@canonical.com
State New
Headers show
Series [FOCAL,CVE-2019-18808,1/2] crypto: ccp - Release all allocated memory if sha type is invalid | expand

Commit Message

William Breathitt Gray Aug. 13, 2020, 12:33 p.m. UTC 
From: Navid Emamdoost <navid.emamdoost@gmail.com>

Release all allocated memory if sha type is invalid:
In ccp_run_sha_cmd, if the type of sha is invalid, the allocated
hmac_buf should be released.

v2: fix the goto.

Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Acked-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

CVE-2019-18808

(cherry picked from 128c66429247add5128c03dc1e144ca56f05a4e2)
Signed-off-by: William Breathitt Gray <william.gray@canonical.com>
---
 drivers/crypto/ccp/ccp-ops.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Ian May Aug. 25, 2020, 10:23 p.m. UTC | #1 
This patch was applied in the following patchset:

Focal update: v5.4.56 upstream stable release
https://bugs.launchpad.net/bugs/1891063

Thanks!
Ian

On 2020-08-13 08:33:49 , William Breathitt Gray wrote:
> From: Navid Emamdoost <navid.emamdoost@gmail.com>
> 
> Release all allocated memory if sha type is invalid:
> In ccp_run_sha_cmd, if the type of sha is invalid, the allocated
> hmac_buf should be released.
> 
> v2: fix the goto.
> 
> Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
> Acked-by: Gary R Hook <gary.hook@amd.com>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 
> CVE-2019-18808
> 
> (cherry picked from 128c66429247add5128c03dc1e144ca56f05a4e2)
> Signed-off-by: William Breathitt Gray <william.gray@canonical.com>
> ---
>  drivers/crypto/ccp/ccp-ops.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
> index c8da8eb160da..422193690fd4 100644
> --- a/drivers/crypto/ccp/ccp-ops.c
> +++ b/drivers/crypto/ccp/ccp-ops.c
> @@ -1777,8 +1777,9 @@ ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
>  			       LSB_ITEM_SIZE);
>  			break;
>  		default:
> +			kfree(hmac_buf);
>  			ret = -EINVAL;
> -			goto e_ctx;
> +			goto e_data;
>  		}
>  
>  		memset(&hmac_cmd, 0, sizeof(hmac_cmd));
> -- 
> 2.25.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
diff mbox series

Patch

diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
index c8da8eb160da..422193690fd4 100644
--- a/drivers/crypto/ccp/ccp-ops.c
+++ b/drivers/crypto/ccp/ccp-ops.c
@@ -1777,8 +1777,9 @@  ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
 			       LSB_ITEM_SIZE);
 			break;
 		default:
+			kfree(hmac_buf);
 			ret = -EINVAL;
-			goto e_ctx;
+			goto e_data;
 		}
 
 		memset(&hmac_cmd, 0, sizeof(hmac_cmd));