[ 3.5.yuz extended stable ] Patch "libceph: fix crypto key null deref, memory leak" has been added to staging queue

Herton Ronaldo Krzesinski herton.krzesinski at canonical.com
Tue Nov 20 17:19:24 UTC 2012

This is a note to let you know that I have just added a patch titled

    libceph: fix crypto key null deref, memory leak

to the linux-3.5.y-queue branch of the 3.5.yuz extended stable tree 
which can be found at:


If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.yuz tree, see



>From 0027972355635459815d63d4008c62627fc29943 Mon Sep 17 00:00:00 2001
From: Sylvain Munaut <tnt at 246tNt.com>
Date: Thu, 2 Aug 2012 09:12:59 -0700
Subject: [PATCH 69/78] libceph: fix crypto key null deref, memory leak

commit f0666b1ac875ff32fe290219b150ec62eebbe10e upstream.

Avoid crashing if the crypto key payload was NULL, as when it was not correctly
allocated and initialized.  Also, avoid leaking it.

Signed-off-by: Sylvain Munaut <tnt at 246tNt.com>
Signed-off-by: Sage Weil <sage at inktank.com>
Reviewed-by: Alex Elder <elder at inktank.com>
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski at canonical.com>
 net/ceph/crypto.c |    1 +
 net/ceph/crypto.h |    3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index b780cb7..9da7fdd 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -466,6 +466,7 @@ void ceph_key_destroy(struct key *key) {
 	struct ceph_crypto_key *ckey = key->payload.data;

+	kfree(ckey);

 struct key_type key_type_ceph = {
diff --git a/net/ceph/crypto.h b/net/ceph/crypto.h
index 1919d15..3572dc5 100644
--- a/net/ceph/crypto.h
+++ b/net/ceph/crypto.h
@@ -16,7 +16,8 @@ struct ceph_crypto_key {

 static inline void ceph_crypto_key_destroy(struct ceph_crypto_key *key)
-	kfree(key->key);
+	if (key)
+		kfree(key->key);

 extern int ceph_crypto_key_clone(struct ceph_crypto_key *dst,

More information about the kernel-team mailing list