From patchwork Thu Aug 13 12:33:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: William Breathitt Gray X-Patchwork-Id: 1344239 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BS5bW2wWsz9sTT; Thu, 13 Aug 2020 22:33:59 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1k6CQe-0000ki-PJ; Thu, 13 Aug 2020 12:33:56 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1k6CQd-0000k5-5h for kernel-team@lists.ubuntu.com; Thu, 13 Aug 2020 12:33:55 +0000 Received: from mail-qt1-f199.google.com ([209.85.160.199]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1k6CQc-0006X3-Rz for kernel-team@lists.ubuntu.com; Thu, 13 Aug 2020 12:33:54 +0000 Received: by mail-qt1-f199.google.com with SMTP id w30so4654427qte.14 for ; Thu, 13 Aug 2020 05:33:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=yZrIDS+amvwrnXds/DNSDMSSP1ptuhmlGfAV/AaTZHM=; b=nez7f8pqJYAr9YQY2iNQl8NySYW5YWrFeHn030QgRUEoZMBPZUdDonlxBS+7bnLwwm wfvVbI05QIjYlldBtW9QtjyAATX8PWkN8mhNMbxzBXOX4MUgNpdM6VNLzGDJdDV4GO8o SsDTRL6+kczHSVeKNB85lnJGQDjbAWWceVMXjqOJiSWjSGs3i+5hpFooRTzUqIa9UEDG lb2TfCwCkYo9SAhLrSX+TpSOOpQxfAMlQG2+UZT6LM/bvhcBDeQKPifw+cfCCtKw6M3a e+RwrmxEA47QftxM9JgE2GWQCZYyY6eKRAq+PYftmugCCBbcA4gmQ/rZMGNF4R65z0bW D9QQ== X-Gm-Message-State: AOAM531xzf0Vcqei+scgqn1TR9aYKULL53PnvIdAsQDo6GVZQmfhRPBD dXaTtNmSa+KNzm7fFvOmYhSrgR2MU1b1R15J/evHpXLWklNtei1KjW+DRETKCqU4xAvIx3yOHp0 e2vn14etYMrwNGIkk+LLL/rPUfW3tbAczO4basfJvUA== X-Received: by 2002:ac8:490d:: with SMTP id e13mr4866834qtq.198.1597322033500; Thu, 13 Aug 2020 05:33:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy+SFcy6D3t8MX/Fwznc1a/aCOhGovyUvUdIKXRpQMDdSYuvR5vN7YYzUrSUrLtus6lce6dFg== X-Received: by 2002:ac8:490d:: with SMTP id e13mr4866820qtq.198.1597322033327; Thu, 13 Aug 2020 05:33:53 -0700 (PDT) Received: from localhost.localdomain (072-189-064-225.res.spectrum.com. [72.189.64.225]) by smtp.gmail.com with ESMTPSA id p4sm5108416qkj.135.2020.08.13.05.33.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Aug 2020 05:33:52 -0700 (PDT) From: William Breathitt Gray To: kernel-team@lists.ubuntu.com Subject: [FOCAL][CVE-2019-18808][PATCH 1/2] crypto: ccp - Release all allocated memory if sha type is invalid Date: Thu, 13 Aug 2020 08:33:49 -0400 Message-Id: <9cf43d16e60089ef42556644381d438e3b531153.1597321688.git.william.gray@canonical.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200813123349.5867-1-william.gray@canonical.com> References: <9cf43d16e60089ef42556644381d438e3b531153.1597321688.git.william.gray@canonical.com> <20200813123349.5867-1-william.gray@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Navid Emamdoost Release all allocated memory if sha type is invalid: In ccp_run_sha_cmd, if the type of sha is invalid, the allocated hmac_buf should be released. v2: fix the goto. Signed-off-by: Navid Emamdoost Acked-by: Gary R Hook Signed-off-by: Herbert Xu CVE-2019-18808 (cherry picked from 128c66429247add5128c03dc1e144ca56f05a4e2) Signed-off-by: William Breathitt Gray --- drivers/crypto/ccp/ccp-ops.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c index c8da8eb160da..422193690fd4 100644 --- a/drivers/crypto/ccp/ccp-ops.c +++ b/drivers/crypto/ccp/ccp-ops.c @@ -1777,8 +1777,9 @@ ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) LSB_ITEM_SIZE); break; default: + kfree(hmac_buf); ret = -EINVAL; - goto e_ctx; + goto e_data; } memset(&hmac_cmd, 0, sizeof(hmac_cmd)); From patchwork Thu Aug 13 12:33:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: William Breathitt Gray X-Patchwork-Id: 1344238 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BS5bV4tWgz9sPf; Thu, 13 Aug 2020 22:33:58 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1k6CQd-0000kD-Ko; Thu, 13 Aug 2020 12:33:55 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1k6CQb-0000jx-G0 for kernel-team@lists.ubuntu.com; Thu, 13 Aug 2020 12:33:53 +0000 Received: from mail-qt1-f199.google.com ([209.85.160.199]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1k6CQb-0006Wl-5Y for kernel-team@lists.ubuntu.com; Thu, 13 Aug 2020 12:33:53 +0000 Received: by mail-qt1-f199.google.com with SMTP id e14so4670338qtm.5 for ; Thu, 13 Aug 2020 05:33:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=J5VthGs1zGCEWzqFOt3kTAT8eSkxRPy8Sy7uJ9Qo/VU=; b=E9nsVnjBfnT0fNrtAoKXdksWVCu8ck2blqtUEHm/oNFD15HPWNapGcLavjm3bGi/+K g7Ya/X5vUmHk4B8AOL8w1zWkLqLZROcQmTgV9+9galuWOzj0Zm5z8oQdndcgej9cLY5E aLsa56I1l9kThAE9+pR8THfewioZJo+/9XySvU9HDFFCYCEahPWRQjj+XahI96fY9erg 79qEPvL7lUmLZy6JwR6QOVpL1DzCN78yF958GonJNnYdg/btx821NFbHwCBZFCIQjZio vl0zF/lVg9tHQMX4XSLeB2gKHy2u32m6cGXwUk7L4g7YYZUSFGclI21zTIeT3SHvMJ48 92og== X-Gm-Message-State: AOAM533f4B8an7pCd6bWv8vlEJ6WQR8HfxEXtyii1R7Gfbi8VauKofo5 tpKL1GyiOK6jjyfVlcGOsgNfpxBCueaLAHQoeLJja6DLl1d5SHwEZ9pOgPBy74RP68SZJheDVmg lLSPidr7xljEJa1mVsTSjc9J5H29IlLHFwHnhvYML1g== X-Received: by 2002:ac8:73c3:: with SMTP id v3mr5071581qtp.266.1597322031863; Thu, 13 Aug 2020 05:33:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxieft8SK1x7gBSqHRuNb54FnWYWqXKJzxeHukqaVJ+x40L2HOEyAPKcybIAZxiK7joUsqi6w== X-Received: by 2002:ac8:73c3:: with SMTP id v3mr5071562qtp.266.1597322031630; Thu, 13 Aug 2020 05:33:51 -0700 (PDT) Received: from localhost.localdomain (072-189-064-225.res.spectrum.com. [72.189.64.225]) by smtp.gmail.com with ESMTPSA id p4sm5108416qkj.135.2020.08.13.05.33.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Aug 2020 05:33:50 -0700 (PDT) From: William Breathitt Gray To: kernel-team@lists.ubuntu.com Subject: [BIONIC][CVE-2019-18808][PATCH 2/2] crypto: ccp - Release all allocated memory if sha type is invalid Date: Thu, 13 Aug 2020 08:33:48 -0400 Message-Id: <20200813123349.5867-1-william.gray@canonical.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <9cf43d16e60089ef42556644381d438e3b531153.1597321688.git.william.gray@canonical.com> References: <9cf43d16e60089ef42556644381d438e3b531153.1597321688.git.william.gray@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Navid Emamdoost Release all allocated memory if sha type is invalid: In ccp_run_sha_cmd, if the type of sha is invalid, the allocated hmac_buf should be released. v2: fix the goto. Signed-off-by: Navid Emamdoost Acked-by: Gary R Hook Signed-off-by: Herbert Xu CVE-2019-18808 (cherry picked from 128c66429247add5128c03dc1e144ca56f05a4e2) Signed-off-by: William Breathitt Gray Acked-by: Stefan Bader Acked-by: Kleber Sacilotto de Souza --- drivers/crypto/ccp/ccp-ops.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c index 330853a2702f..43b74cf0787e 100644 --- a/drivers/crypto/ccp/ccp-ops.c +++ b/drivers/crypto/ccp/ccp-ops.c @@ -1783,8 +1783,9 @@ ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) LSB_ITEM_SIZE); break; default: + kfree(hmac_buf); ret = -EINVAL; - goto e_ctx; + goto e_data; } memset(&hmac_cmd, 0, sizeof(hmac_cmd));