diff mbox series

[SRU,J,1/3] tls: rx: coalesce exit paths in tls_decrypt_sg()

Message ID bae1c6098b44d13970786d86bf444b8a661bf138.1725545867.git.juerg.haefliger@canonical.com
State New
Headers show
Series CVE-2024-26800 | expand

Commit Message

Juerg Haefliger Sept. 5, 2024, 2:26 p.m. UTC 
From: Jakub Kicinski <kuba@kernel.org>

Jump to the free() call, instead of having to remember
to free the memory in multiple places.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(backported from commit 03957d84055e59235c7d57c95a37617bd3aa5646)
[juergh: Adjusted context.]
CVE-2024-26800
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
---
 net/tls/tls_sw.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff mbox series

Patch

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 065454136be7..02d2e883d476 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1501,10 +1501,8 @@  static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
 	err = skb_copy_bits(skb, rxm->offset + TLS_HEADER_SIZE,
 			    iv + iv_offset + prot->salt_size,
 			    prot->iv_size);
-	if (err < 0) {
-		kfree(mem);
-		return err;
-	}
+	if (err < 0)
+		goto exit_free;
 	if (prot->version == TLS_1_3_VERSION ||
 	    prot->cipher_type == TLS_CIPHER_CHACHA20_POLY1305)
 		memcpy(iv + iv_offset, tls_ctx->rx.iv,
@@ -1525,10 +1523,8 @@  static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
 	err = skb_to_sgvec(skb, &sgin[1],
 			   rxm->offset + prot->prepend_size,
 			   rxm->full_len - prot->prepend_size);
-	if (err < 0) {
-		kfree(mem);
-		return err;
-	}
+	if (err < 0)
+		goto exit_free;
 
 	if (n_sgout) {
 		if (out_iov) {
@@ -1561,7 +1557,7 @@  static int decrypt_internal(struct sock *sk, struct sk_buff *skb,
 	/* Release the pages in case iov was mapped to pages */
 	for (; pages > 0; pages--)
 		put_page(sg_page(&sgout[pages]));
-
+exit_free:
 	kfree(mem);
 	return err;
 }