From: Jarkko Sakkinen <jarkko@kernel.org>
To: Jianglei Nie <niejianglei2021@163.com>
Cc: jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com,
jmorris@namei.org, serge@hallyn.com,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] security:trusted_tpm2: Fix memory leak in tpm2_key_encode()
Date: Wed, 29 Dec 2021 02:08:59 +0200 [thread overview]
Message-ID: <YcunG4iFQ5s7uJsc@iki.fi> (raw)
In-Reply-To: <20211221085404.6769-1-niejianglei2021@163.com>
KEYS: trusted: Fix memory leak in tpm2_key_encode()
On Tue, Dec 21, 2021 at 04:54:04PM +0800, Jianglei Nie wrote:
> Line 36 (#1) allocates a memory chunk for scratch by kmalloc(), but
> it is never freed through the function, which will lead to a memory
> leak.
>
> We should kfree() scratch before the function returns (#2, #3 and #4).
>
> 31 static int tpm2_key_encode(struct trusted_key_payload *payload,
> 32 struct trusted_key_options *options,
> 33 u8 *src, u32 len)
> 34 {
> 36 u8 *scratch = kmalloc(SCRATCH_SIZE, GFP_KERNEL);
> // #1: kmalloc space
> 50 if (!scratch)
> 51 return -ENOMEM;
>
> 56 if (options->blobauth_len == 0) {
> 60 if (WARN(IS_ERR(w), "BUG: Boolean failed to encode"))
> 61 return PTR_ERR(w); // #2: missing kfree
> 63 }
>
> 71 if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE,
> 72 "BUG: scratch buffer is too small"))
> 73 return -EINVAL; // #3: missing kfree
>
> // #4: missing kfree: scratch is never used afterwards.
> 82 if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed"))
> 83 return PTR_ERR(work1);
>
> 85 return work1 - payload->blob;
> 86 }
>
> Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Please write a proper commit message and not just dump tool output. You
are completely lacking analysis of what the heck you are doing.
E.g. you could just:
"The internal buffer in tpm2_key_encode() is not freed, which leads to a
memory leak. Handle those cases with kfree()."
/Jarkko
next prev parent reply other threads:[~2021-12-29 0:09 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-21 8:54 [PATCH] security:trusted_tpm2: Fix memory leak in tpm2_key_encode() Jianglei Nie
2021-12-29 0:08 ` Jarkko Sakkinen [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-06-08 2:59 Jianglei Nie
2022-06-08 8:00 ` Jarkko Sakkinen
2022-06-08 8:29 ` Ahmad Fatoum
2022-06-07 7:46 Jianglei Nie
2022-06-07 8:34 ` Ahmad Fatoum
2022-06-07 10:09 ` Jarkko Sakkinen
2021-12-12 13:54 Jianglei Nie
2021-12-12 21:21 ` Serge E. Hallyn
2021-12-21 8:33 ` Jarkko Sakkinen
2021-11-24 16:43 Jianglei Nie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YcunG4iFQ5s7uJsc@iki.fi \
--to=jarkko@kernel.org \
--cc=dhowells@redhat.com \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=niejianglei2021@163.com \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).