diff options
author | Christian Engelmayer <cengelma@gmx.at> | 2014-04-21 22:45:59 +0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2014-04-28 14:21:17 +0400 |
commit | ac5f863f8c548ab72511213b30368cfc8007ae01 (patch) | |
tree | 5bae766d43ab3847ad573c7a0c15d1e395c2b9a7 /crypto | |
parent | 3d67be2761dc4b5b792037f296f3394a29581efc (diff) | |
download | linux-ac5f863f8c548ab72511213b30368cfc8007ae01.tar.xz |
crypto: tcrypt - Fix potential leak in test_aead_speed() if aad_size is too big
Fix a potential memory leak in the error handling of test_aead_speed(). In case
the size check on the associate data length parameter fails, the function goes
through the wrong exit label. Reported by Coverity - CID 1163870.
Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Acked-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/tcrypt.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 870be7b4dc05..1856d7ff2688 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -282,6 +282,11 @@ static void test_aead_speed(const char *algo, int enc, unsigned int sec, unsigned int *b_size; unsigned int iv_len; + if (aad_size >= PAGE_SIZE) { + pr_err("associate data length (%u) too big\n", aad_size); + return; + } + if (enc == ENCRYPT) e = "encryption"; else @@ -323,14 +328,7 @@ static void test_aead_speed(const char *algo, int enc, unsigned int sec, b_size = aead_sizes; do { assoc = axbuf[0]; - - if (aad_size < PAGE_SIZE) - memset(assoc, 0xff, aad_size); - else { - pr_err("associate data length (%u) too big\n", - aad_size); - goto out_nosg; - } + memset(assoc, 0xff, aad_size); sg_init_one(&asg[0], assoc, aad_size); if ((*keysize + *b_size) > TVMEMSIZE * PAGE_SIZE) { |