diff options
author | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-12-02 09:14:44 -0600 |
---|---|---|
committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2019-12-02 09:14:44 -0600 |
commit | fbd3f73ad4da4ae212c7eaee500e78d623b6a74b (patch) | |
tree | 617123502e11ad156d7a56147497689c6a63de28 /0001-crypto-ccp-Release-all-allocated-memory-if-sha-type-.patch | |
parent | bf6e2e5c451ec4c8cf99792c5174aed9fa65c6e1 (diff) | |
download | kernel-fbd3f73ad4da4ae212c7eaee500e78d623b6a74b.tar.gz kernel-fbd3f73ad4da4ae212c7eaee500e78d623b6a74b.tar.xz kernel-fbd3f73ad4da4ae212c7eaee500e78d623b6a74b.zip |
Fix CVE-2019-18808 CVE-2019-18809 CVE-2019-18811 CVE-2019-18812 CVE-2019-16232
Diffstat (limited to '0001-crypto-ccp-Release-all-allocated-memory-if-sha-type-.patch')
-rw-r--r-- | 0001-crypto-ccp-Release-all-allocated-memory-if-sha-type-.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/0001-crypto-ccp-Release-all-allocated-memory-if-sha-type-.patch b/0001-crypto-ccp-Release-all-allocated-memory-if-sha-type-.patch new file mode 100644 index 000000000..fc8bde000 --- /dev/null +++ b/0001-crypto-ccp-Release-all-allocated-memory-if-sha-type-.patch @@ -0,0 +1,37 @@ +From 128c66429247add5128c03dc1e144ca56f05a4e2 Mon Sep 17 00:00:00 2001 +From: Navid Emamdoost <navid.emamdoost@gmail.com> +Date: Thu, 19 Sep 2019 11:04:48 -0500 +Subject: [PATCH] crypto: ccp - Release all allocated memory if sha type is + invalid + +Release all allocated memory if sha type is invalid: +In ccp_run_sha_cmd, if the type of sha is invalid, the allocated +hmac_buf should be released. + +v2: fix the goto. + +Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com> +Acked-by: Gary R Hook <gary.hook@amd.com> +Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> +--- + drivers/crypto/ccp/ccp-ops.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c +index c8da8eb160da..422193690fd4 100644 +--- a/drivers/crypto/ccp/ccp-ops.c ++++ b/drivers/crypto/ccp/ccp-ops.c +@@ -1777,8 +1777,9 @@ ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) + LSB_ITEM_SIZE); + break; + default: ++ kfree(hmac_buf); + ret = -EINVAL; +- goto e_ctx; ++ goto e_data; + } + + memset(&hmac_cmd, 0, sizeof(hmac_cmd)); +-- +2.23.0 + |