Commit ece550f5 authored by Dan Carpenter's avatar Dan Carpenter Committed by Tyler Hicks

ecryptfs: use after free

The "full_alg_name" variable is used on a couple error paths, so we
shouldn't free it until the end.
Signed-off-by: default avatarDan Carpenter <error27@gmail.com>
Cc: stable@kernel.org
Signed-off-by: default avatarTyler Hicks <tyhicks@linux.vnet.ibm.com>
parent 4aa25bcb
......@@ -1748,7 +1748,7 @@ ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
char *cipher_name, size_t *key_size)
{
char dummy_key[ECRYPTFS_MAX_KEY_BYTES];
char *full_alg_name;
char *full_alg_name = NULL;
int rc;
*key_tfm = NULL;
......@@ -1763,7 +1763,6 @@ ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
if (rc)
goto out;
*key_tfm = crypto_alloc_blkcipher(full_alg_name, 0, CRYPTO_ALG_ASYNC);
kfree(full_alg_name);
if (IS_ERR(*key_tfm)) {
rc = PTR_ERR(*key_tfm);
printk(KERN_ERR "Unable to allocate crypto cipher with name "
......@@ -1786,6 +1785,7 @@ ecryptfs_process_key_cipher(struct crypto_blkcipher **key_tfm,
goto out;
}
out:
kfree(full_alg_name);
return rc;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment