tipc: Fix potential tipc_aead refcnt leak in tipc_crypto_rcv - linux

diff options

author	Xiyu Yang <xiyuyang19@fudan.edu.cn>	2020-04-15 10:39:56 +0200
committer	David S. Miller <davem@davemloft.net>	2020-04-18 22:17:04 +0200
commit	441870ee4240cf67b5d3ab8e16216a9ff42eb5d6 (patch)
tree	51f978e622ce9337532be2ee78ea093f27c3b9f9 /drivers/net/wimax/i2400m
parent	net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (diff)
download	linux-441870ee4240cf67b5d3ab8e16216a9ff42eb5d6.tar.xz linux-441870ee4240cf67b5d3ab8e16216a9ff42eb5d6.zip

tipc: Fix potential tipc_aead refcnt leak in tipc_crypto_rcv

tipc_crypto_rcv() invokes tipc_aead_get(), which returns a reference of the tipc_aead object to "aead" with increased refcnt. When tipc_crypto_rcv() returns, the original local reference of "aead" becomes invalid, so the refcount should be decreased to keep refcount balanced. The issue happens in one error path of tipc_crypto_rcv(). When TIPC message decryption status is EINPROGRESS or EBUSY, the function forgets to decrease the refcnt increased by tipc_aead_get() and causes a refcnt leak. Fix this issue by calling tipc_aead_put() on the error path when TIPC message decryption status is EINPROGRESS or EBUSY. Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'drivers/net/wimax/i2400m')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: