Message ID | 20191202045228.22028-2-po-hsu.lin@canonical.com |
---|---|
State | New |
Headers | show |
Series | Fix for CVE-2019-19050 | expand |
On 12/1/19 8:52 PM, Po-Hsu Lin wrote: > From: Navid Emamdoost <navid.emamdoost@gmail.com> > > CVE-2019-19050 > > In crypto_reportstat, a new skb is created by nlmsg_new(). This skb is > leaked if crypto_reportstat_alg() fails. Required release for skb is > added. > > Fixes: cac5818c25d0 ("crypto: user - Implement a generic crypto statistics") > Cc: <stable@vger.kernel.org> > Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > (cherry picked from commit c03b04dcdba1da39903e23cc4d072abf8f68f2dd) > Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> Acked-by: Connor Kuehl <connor.kuehl@canonical.com> > --- > crypto/crypto_user_stat.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/crypto/crypto_user_stat.c b/crypto/crypto_user_stat.c > index 3e9a53233d80..0c0cb9d19591 100644 > --- a/crypto/crypto_user_stat.c > +++ b/crypto/crypto_user_stat.c > @@ -330,8 +330,10 @@ int crypto_reportstat(struct sk_buff *in_skb, struct nlmsghdr *in_nlh, > drop_alg: > crypto_mod_put(alg); > > - if (err) > + if (err) { > + kfree_skb(skb); > return err; > + } > > return nlmsg_unicast(crypto_nlsk, skb, NETLINK_CB(in_skb).portid); > } >
diff --git a/crypto/crypto_user_stat.c b/crypto/crypto_user_stat.c index 3e9a53233d80..0c0cb9d19591 100644 --- a/crypto/crypto_user_stat.c +++ b/crypto/crypto_user_stat.c @@ -330,8 +330,10 @@ int crypto_reportstat(struct sk_buff *in_skb, struct nlmsghdr *in_nlh, drop_alg: crypto_mod_put(alg); - if (err) + if (err) { + kfree_skb(skb); return err; + } return nlmsg_unicast(crypto_nlsk, skb, NETLINK_CB(in_skb).portid); }