From: Tetsuo Handa Date: Mon, 17 Jan 2011 00:22:47 +0000 (+0900) Subject: trusted-keys: another free memory bugfix X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=35576eab390df313095306e2a8216134910e7014;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git trusted-keys: another free memory bugfix TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and forgot to call va_end() when crypto_shash_update() < 0. Fix these bugs by escaping from the loop using "break" (rather than "return"/"goto") in order to make sure that va_end()/kfree() are always called. Signed-off-by: Tetsuo Handa Reviewed-by: Jesper Juhl Acked-by: Mimi Zohar Acked-by: David Howells Signed-off-by: James Morris --- diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c index 932f8687df16..7b2179589063 100644 --- a/security/keys/trusted_defined.c +++ b/security/keys/trusted_defined.c @@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, if (dlen == 0) break; data = va_arg(argp, unsigned char *); - if (data == NULL) - return -EINVAL; + if (data == NULL) { + ret = -EINVAL; + break; + } ret = crypto_shash_update(&sdesc->shash, data, dlen); if (ret < 0) - goto out; + break; } va_end(argp); if (!ret)