diff mbox series

[D,E,F,SRU,CVE-2019-19050,1/1] crypto: user - fix memory leak in crypto_reportstat

Message ID 20191202045228.22028-2-po-hsu.lin@canonical.com
State New
Headers show
Series Fix for CVE-2019-19050 | expand

Commit Message

Po-Hsu Lin Dec. 2, 2019, 4:52 a.m. UTC 
From: Navid Emamdoost <navid.emamdoost@gmail.com>

CVE-2019-19050

In crypto_reportstat, a new skb is created by nlmsg_new(). This skb is
leaked if crypto_reportstat_alg() fails. Required release for skb is
added.

Fixes: cac5818c25d0 ("crypto: user - Implement a generic crypto statistics")
Cc: <stable@vger.kernel.org>
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit c03b04dcdba1da39903e23cc4d072abf8f68f2dd)
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
---
 crypto/crypto_user_stat.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Connor Kuehl Dec. 6, 2019, 9:30 p.m. UTC | #1 
On 12/1/19 8:52 PM, Po-Hsu Lin wrote:
> From: Navid Emamdoost <navid.emamdoost@gmail.com>
> 
> CVE-2019-19050
> 
> In crypto_reportstat, a new skb is created by nlmsg_new(). This skb is
> leaked if crypto_reportstat_alg() fails. Required release for skb is
> added.
> 
> Fixes: cac5818c25d0 ("crypto: user - Implement a generic crypto statistics")
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> (cherry picked from commit c03b04dcdba1da39903e23cc4d072abf8f68f2dd)
> Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>

Acked-by: Connor Kuehl <connor.kuehl@canonical.com>

> ---
>   crypto/crypto_user_stat.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/crypto/crypto_user_stat.c b/crypto/crypto_user_stat.c
> index 3e9a53233d80..0c0cb9d19591 100644
> --- a/crypto/crypto_user_stat.c
> +++ b/crypto/crypto_user_stat.c
> @@ -330,8 +330,10 @@ int crypto_reportstat(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
>   drop_alg:
>   	crypto_mod_put(alg);
>   
> -	if (err)
> +	if (err) {
> +		kfree_skb(skb);
>   		return err;
> +	}
>   
>   	return nlmsg_unicast(crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
>   }
>
diff mbox series

Patch

diff --git a/crypto/crypto_user_stat.c b/crypto/crypto_user_stat.c
index 3e9a53233d80..0c0cb9d19591 100644
--- a/crypto/crypto_user_stat.c
+++ b/crypto/crypto_user_stat.c
@@ -330,8 +330,10 @@  int crypto_reportstat(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
 drop_alg:
 	crypto_mod_put(alg);
 
-	if (err)
+	if (err) {
+		kfree_skb(skb);
 		return err;
+	}
 
 	return nlmsg_unicast(crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
 }