Commit 01d0c457 authored by Eric Biggers's avatar Eric Biggers Committed by Sasha Levin

dm crypt: fix free of bad values after tfm allocation failure

[ Upstream commit 5d0be84e ]

If crypt_alloc_tfms() had to allocate multiple tfms and it failed before
the last allocation, then it would call crypt_free_tfms() and could free
pointers from uninitialized memory -- due to the crypt_free_tfms() check
for non-zero cc->tfms[i].  Fix by allocating zeroed memory.
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: default avatarSasha Levin <alexander.levin@verizon.com>
parent ab50c732
......@@ -1401,7 +1401,7 @@ static int crypt_alloc_tfms(struct crypt_config *cc, char *ciphermode)
unsigned i;
int err;
cc->tfms = kmalloc(cc->tfms_count * sizeof(struct crypto_ablkcipher *),
cc->tfms = kzalloc(cc->tfms_count * sizeof(struct crypto_ablkcipher *),
GFP_KERNEL);
if (!cc->tfms)
return -ENOMEM;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment