APPLIED/CMT[F]: [FOCAL][CVE-2019-18808][PATCH 1/2] crypto: ccp - Release all allocated memory if sha type is invalid
Ian May
ian.may at canonical.com
Tue Aug 25 22:23:53 UTC 2020
This patch was applied in the following patchset:
Focal update: v5.4.56 upstream stable release
https://bugs.launchpad.net/bugs/1891063
Thanks!
Ian
On 2020-08-13 08:33:49 , William Breathitt Gray wrote:
> From: Navid Emamdoost <navid.emamdoost at gmail.com>
>
> Release all allocated memory if sha type is invalid:
> In ccp_run_sha_cmd, if the type of sha is invalid, the allocated
> hmac_buf should be released.
>
> v2: fix the goto.
>
> Signed-off-by: Navid Emamdoost <navid.emamdoost at gmail.com>
> Acked-by: Gary R Hook <gary.hook at amd.com>
> Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
>
> CVE-2019-18808
>
> (cherry picked from 128c66429247add5128c03dc1e144ca56f05a4e2)
> Signed-off-by: William Breathitt Gray <william.gray at canonical.com>
> ---
> drivers/crypto/ccp/ccp-ops.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c
> index c8da8eb160da..422193690fd4 100644
> --- a/drivers/crypto/ccp/ccp-ops.c
> +++ b/drivers/crypto/ccp/ccp-ops.c
> @@ -1777,8 +1777,9 @@ ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)
> LSB_ITEM_SIZE);
> break;
> default:
> + kfree(hmac_buf);
> ret = -EINVAL;
> - goto e_ctx;
> + goto e_data;
> }
>
> memset(&hmac_cmd, 0, sizeof(hmac_cmd));
> --
> 2.25.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list