Message ID | 20191122220242.29359-1-navid.emamdoost@gmail.com |
---|---|
State | Rejected |
Delegated to: | David Miller |
Headers | show |
Series | macsec: Fix memory leaks in macsec_decrypt() | expand |
Navid Emamdoost <navid.emamdoost@gmail.com> wrote: > In the implementation of macsec_decrypt(), there are two memory leaks > when crypto_aead_decrypt() fails. Release allocated req and skb before > return. > > Fixes: c3b7d0bd7ac2 ("macsec: fix rx_sa refcounting with decrypt callback") > Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> > --- > drivers/net/macsec.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c > index afd8b2a08245..34c6fb4eb9ef 100644 > --- a/drivers/net/macsec.c > +++ b/drivers/net/macsec.c > @@ -986,6 +986,8 @@ static struct sk_buff *macsec_decrypt(struct sk_buff *skb, > dev_hold(dev); > ret = crypto_aead_decrypt(req); > if (ret == -EINPROGRESS) { > + aead_request_free(req); > + kfree_skb(skb); -EINPROGRESS means decryption is handled asynchronously, no? > return ERR_PTR(ret); > } else if (ret != 0) { > /* decryption/authentication failed This is the error handling/failure path.
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index afd8b2a08245..34c6fb4eb9ef 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -986,6 +986,8 @@ static struct sk_buff *macsec_decrypt(struct sk_buff *skb, dev_hold(dev); ret = crypto_aead_decrypt(req); if (ret == -EINPROGRESS) { + aead_request_free(req); + kfree_skb(skb); return ERR_PTR(ret); } else if (ret != 0) { /* decryption/authentication failed
In the implementation of macsec_decrypt(), there are two memory leaks when crypto_aead_decrypt() fails. Release allocated req and skb before return. Fixes: c3b7d0bd7ac2 ("macsec: fix rx_sa refcounting with decrypt callback") Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> --- drivers/net/macsec.c | 2 ++ 1 file changed, 2 insertions(+)