LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end()
@ 2011-01-13 20:07 Jesper Juhl
2011-01-14 13:28 ` David Safford
2011-01-14 13:31 ` [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() David Howells
0 siblings, 2 replies; 25+ messages in thread
From: Jesper Juhl @ 2011-01-13 20:07 UTC (permalink / raw)
To: David Howells
Cc: David Safford, James Morris, keyrings, linux-security-module,
linux-kernel
In security/keys/trusted_defined.c::TSS_rawhmac() we may leak the storage
allocated to 'sdesc' if
data = va_arg(argp, unsigned char *);
results in a NULL 'data' and we then leave the function by returning
-EINVAL. We also neglect calling va_end(argp) in that case and furthermore
we neglect va_end(argp) if
ret = crypto_shash_update(&sdesc->shash, data, dlen);
results in ret being negative and we then jump to the 'out' label.
I believe this patch takes care of these issues. Please review and
consider for inclusion.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
---
trusted_defined.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
compile tested only.
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
index 975e9f2..0ec7ab8 100644
--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted_defined.c
@@ -101,16 +101,18 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
if (dlen == 0)
break;
data = va_arg(argp, unsigned char *);
- if (data == NULL)
- return -EINVAL;
+ if (data == NULL) {
+ ret = -EINVAL;
+ goto out;
+ }
ret = crypto_shash_update(&sdesc->shash, data, dlen);
if (ret < 0)
goto out;
}
- va_end(argp);
if (!ret)
ret = crypto_shash_final(&sdesc->shash, digest);
out:
+ va_end(argp);
kfree(sdesc);
return ret;
}
--
Jesper Juhl <jj@chaosbits.net> http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end()
2011-01-13 20:07 [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() Jesper Juhl
@ 2011-01-14 13:28 ` David Safford
2011-01-14 13:45 ` [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways " Tetsuo Handa
2011-01-14 13:31 ` [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() David Howells
1 sibling, 1 reply; 25+ messages in thread
From: David Safford @ 2011-01-14 13:28 UTC (permalink / raw)
To: Jesper Juhl
Cc: David Howells, David Safford, James Morris, keyrings,
linux-security-module, linux-kernel
On Thu, 2011-01-13 at 21:07 +0100, Jesper Juhl wrote:
> In security/keys/trusted_defined.c::TSS_rawhmac() we may leak the storage
> allocated to 'sdesc' if
> data = va_arg(argp, unsigned char *);
> results in a NULL 'data' and we then leave the function by returning
> -EINVAL. We also neglect calling va_end(argp) in that case and furthermore
> we neglect va_end(argp) if
> ret = crypto_shash_update(&sdesc->shash, data, dlen);
> results in ret being negative and we then jump to the 'out' label.
>
> I believe this patch takes care of these issues. Please review and
> consider for inclusion.
>
> Signed-off-by: Jesper Juhl <jj@chaosbits.net>
thanks for catching this.
Acked-by: David Safford <safford@watson.ibm.com>
> ---
> trusted_defined.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> compile tested only.
>
> diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
> index 975e9f2..0ec7ab8 100644
> --- a/security/keys/trusted_defined.c
> +++ b/security/keys/trusted_defined.c
> @@ -101,16 +101,18 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
> if (dlen == 0)
> break;
> data = va_arg(argp, unsigned char *);
> - if (data == NULL)
> - return -EINVAL;
> + if (data == NULL) {
> + ret = -EINVAL;
> + goto out;
> + }
> ret = crypto_shash_update(&sdesc->shash, data, dlen);
> if (ret < 0)
> goto out;
> }
> - va_end(argp);
> if (!ret)
> ret = crypto_shash_final(&sdesc->shash, digest);
> out:
> + va_end(argp);
> kfree(sdesc);
> return ret;
> }
>
>
>
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end()
2011-01-13 20:07 [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() Jesper Juhl
2011-01-14 13:28 ` David Safford
@ 2011-01-14 13:31 ` David Howells
1 sibling, 0 replies; 25+ messages in thread
From: David Howells @ 2011-01-14 13:31 UTC (permalink / raw)
To: Jesper Juhl, Mimi Zohar
Cc: dhowells, David Safford, James Morris, keyrings,
linux-security-module, linux-kernel
Jesper Juhl <jj@chaosbits.net> wrote:
> In security/keys/trusted_defined.c::TSS_rawhmac() we may leak the storage
> allocated to 'sdesc' if
> data = va_arg(argp, unsigned char *);
> results in a NULL 'data' and we then leave the function by returning
> -EINVAL. We also neglect calling va_end(argp) in that case and furthermore
> we neglect va_end(argp) if
> ret = crypto_shash_update(&sdesc->shash, data, dlen);
> results in ret being negative and we then jump to the 'out' label.
>
> I believe this patch takes care of these issues. Please review and
> consider for inclusion.
>
> Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: David Howells <dhowells@redhat.com>
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways kfree() and remember to call va_end()
2011-01-14 13:28 ` David Safford
@ 2011-01-14 13:45 ` Tetsuo Handa
2011-01-14 14:07 ` Tetsuo Handa
0 siblings, 1 reply; 25+ messages in thread
From: Tetsuo Handa @ 2011-01-14 13:45 UTC (permalink / raw)
To: safford
Cc: dhowells, safford, jmorris, keyrings, linux-security-module,
linux-kernel
David Safford wrote:
> On Thu, 2011-01-13 at 21:07 +0100, Jesper Juhl wrote:
> > In security/keys/trusted_defined.c::TSS_rawhmac() we may leak the storage
> > allocated to 'sdesc' if
> > data = va_arg(argp, unsigned char *);
> > results in a NULL 'data' and we then leave the function by returning
> > -EINVAL. We also neglect calling va_end(argp) in that case and furthermore
> > we neglect va_end(argp) if
> > ret = crypto_shash_update(&sdesc->shash, data, dlen);
> > results in ret being negative and we then jump to the 'out' label.
> >
> > I believe this patch takes care of these issues. Please review and
> > consider for inclusion.
> >
> > Signed-off-by: Jesper Juhl <jj@chaosbits.net>
>
> thanks for catching this.
>
> Acked-by: David Safford <safford@watson.ibm.com>
Please wait. That patch is incorrect. I'm making patch now.
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways kfree() and remember to call va_end()
2011-01-14 13:45 ` [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways " Tetsuo Handa
@ 2011-01-14 14:07 ` Tetsuo Handa
2011-01-15 0:58 ` Tetsuo Handa
2011-01-16 14:04 ` Jesper Juhl
0 siblings, 2 replies; 25+ messages in thread
From: Tetsuo Handa @ 2011-01-14 14:07 UTC (permalink / raw)
To: safford
Cc: dhowells, safford, jmorris, keyrings, linux-security-module,
linux-kernel
Tetsuo Handa wrote:
> Please wait. That patch is incorrect. I'm making patch now.
I'm doing "git pull" now. Using 2.6.37-git11 instead.
James Morris wrote:
> It's queued in my for-linus branch, waiting to see what happens with
> http://marc.info/?l=linux-security-module&m=129494927918805&w=3
I think above patch is incorrect because va_end() might be called without
va_start(). C says va_start() without va_end() causes undefined behavior.
I think va_end() without va_start() causes undefined behavior as well.
[PATCH 1/3] Trusted and Encrypted Keys: fix memory leak.
Use "break" rather than "return"/"goto" in order to make sure that
va_end() is always called.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
security/keys/trusted_defined.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- linux-2.6.37-git11.orig/security/keys/trusted_defined.c
+++ linux-2.6.37-git11/security/keys/trusted_defined.c
@@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *di
if (dlen == 0)
break;
data = va_arg(argp, unsigned char *);
- if (data == NULL)
- return -EINVAL;
+ if (data == NULL) {
+ ret = -EINVAL;
+ break;
+ }
ret = crypto_shash_update(&sdesc->shash, data, dlen);
if (ret < 0)
- goto out;
+ break;
}
va_end(argp);
if (!ret)
By the way, TSS_authhmac() has similar code.
data = va_arg(argp, unsigned char *);
ret = crypto_shash_update(&sdesc->shash, data, dlen);
I don't know why we check for NULL in TSS_rawhmac(), but
I think we should check for NULL in TSS_authhmac() as well.
[PATCH 2/3] Trusted and Encrypted Keys: check for NULL.
Check for NULL in TSS_authhmac() as well as TSS_rawhmac().
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
security/keys/trusted_defined.c | 5 +++++
1 file changed, 5 insertions(+)
--- linux-2.6.37-git11.orig/security/keys/trusted_defined.c
+++ linux-2.6.37-git11/security/keys/trusted_defined.c
@@ -148,6 +148,11 @@ static int TSS_authhmac(unsigned char *d
if (dlen == 0)
break;
data = va_arg(argp, unsigned char *);
+ if (!data) {
+ ret = -EINVAL;
+ va_end(argp);
+ goto out;
+ }
ret = crypto_shash_update(&sdesc->shash, data, dlen);
if (ret < 0) {
va_end(argp);
Also, on the assumption that crypto_shash_init()/crypto_shash_update() return 0
on success and negative value otherwise, below cleanup is possible.
[PATCH 3/3] Trusted and Encrypted Keys: avoid goto within va_start()/va_end()
Avoid use of "goto" inside
va_start();
for (;;) {
}
va_end();
in order to avoid scattering va_end() inside the loop.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
security/keys/trusted_defined.c | 30 +++++++++++++-----------------
1 file changed, 13 insertions(+), 17 deletions(-)
--- linux-2.6.37-git11.orig/security/keys/trusted_defined.c
+++ linux-2.6.37-git11/security/keys/trusted_defined.c
@@ -150,17 +150,15 @@ static int TSS_authhmac(unsigned char *d
data = va_arg(argp, unsigned char *);
if (!data) {
ret = -EINVAL;
- va_end(argp);
- goto out;
+ break;
}
ret = crypto_shash_update(&sdesc->shash, data, dlen);
- if (ret < 0) {
- va_end(argp);
- goto out;
- }
+ if (ret < 0)
+ break;
}
va_end(argp);
- ret = crypto_shash_final(&sdesc->shash, paramdigest);
+ if (!ret)
+ ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (!ret)
ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
paramdigest, TPM_NONCE_SIZE, h1,
@@ -229,13 +227,12 @@ static int TSS_checkhmac1(unsigned char
break;
dpos = va_arg(argp, unsigned int);
ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
- if (ret < 0) {
- va_end(argp);
- goto out;
- }
+ if (ret < 0)
+ break;
}
va_end(argp);
- ret = crypto_shash_final(&sdesc->shash, paramdigest);
+ if (!ret)
+ ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (ret < 0)
goto out;
@@ -323,13 +320,12 @@ static int TSS_checkhmac2(unsigned char
break;
dpos = va_arg(argp, unsigned int);
ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
- if (ret < 0) {
- va_end(argp);
- goto out;
- }
+ if (ret < 0)
+ break;
}
va_end(argp);
- ret = crypto_shash_final(&sdesc->shash, paramdigest);
+ if (!ret)
+ ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (ret < 0)
goto out;
Not tested at all. Please review and test.
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways kfree() and remember to call va_end()
2011-01-14 14:07 ` Tetsuo Handa
@ 2011-01-15 0:58 ` Tetsuo Handa
2011-01-16 14:04 ` Jesper Juhl
1 sibling, 0 replies; 25+ messages in thread
From: Tetsuo Handa @ 2011-01-15 0:58 UTC (permalink / raw)
To: safford, dhowells, jj
Cc: jmorris, keyrings, linux-security-module, linux-kernel
Tetsuo Handa wrote:
> Tetsuo Handa wrote:
> > Please wait. That patch is incorrect. I'm making patch now.
> I'm doing "git pull" now. Using 2.6.37-git11 instead.
"git pull" completed.
Refreshed using security-testing-2.6#for-linus and compile tested.
Please review and test.
From 161ec4ee18cc86b41277b9a92a8fb2e732b3662f Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Sat, 15 Jan 2011 05:23:53 +0900
Subject: [PATCH 1/3] trusted-keys: another free memory bugfix
TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and
forgot to call va_end() when crypto_shash_update() < 0.
Fix these bugs by escaping from the loop using "break"
(rather than "return"/"goto") in order to make sure that
va_end()/kfree() are always called.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
security/keys/trusted_defined.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
index 932f868..7b21795 100644
--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted_defined.c
@@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
if (dlen == 0)
break;
data = va_arg(argp, unsigned char *);
- if (data == NULL)
- return -EINVAL;
+ if (data == NULL) {
+ ret = -EINVAL;
+ break;
+ }
ret = crypto_shash_update(&sdesc->shash, data, dlen);
if (ret < 0)
- goto out;
+ break;
}
va_end(argp);
if (!ret)
--
1.6.1
From 06bbcce524ceedb404519cade2c592d66c251595 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Sat, 15 Jan 2011 05:40:51 +0900
Subject: [PATCH 2/3] trusted-keys: check for NULL before using it
TSS_rawhmac() checks for data != NULL before using it.
We should do the same thing for TSS_authhmac().
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
security/keys/trusted_defined.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
index 7b21795..f7d0677 100644
--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted_defined.c
@@ -148,6 +148,11 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
if (dlen == 0)
break;
data = va_arg(argp, unsigned char *);
+ if (!data) {
+ ret = -EINVAL;
+ va_end(argp);
+ goto out;
+ }
ret = crypto_shash_update(&sdesc->shash, data, dlen);
if (ret < 0) {
va_end(argp);
--
1.6.1
From b4d611a1489da65366ad3e72a00093be76d39fc5 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Sat, 15 Jan 2011 05:47:22 +0900
Subject: [PATCH 3/3] trusted-keys: avoid scattring va_end()
We can avoid scattering va_end() within the
va_start();
for (;;) {
}
va_end();
loop, assuming that crypto_shash_init()/crypto_shash_update() return 0 on
success and negative value otherwise.
Make TSS_authhmac()/TSS_checkhmac1()/TSS_checkhmac2() similar to TSS_rawhmac()
by removing "va_end()/goto" from the loop.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
security/keys/trusted_defined.c | 30 +++++++++++++-----------------
1 files changed, 13 insertions(+), 17 deletions(-)
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
index f7d0677..2836c6d 100644
--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted_defined.c
@@ -150,17 +150,15 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
data = va_arg(argp, unsigned char *);
if (!data) {
ret = -EINVAL;
- va_end(argp);
- goto out;
+ break;
}
ret = crypto_shash_update(&sdesc->shash, data, dlen);
- if (ret < 0) {
- va_end(argp);
- goto out;
- }
+ if (ret < 0)
+ break;
}
va_end(argp);
- ret = crypto_shash_final(&sdesc->shash, paramdigest);
+ if (!ret)
+ ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (!ret)
ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
paramdigest, TPM_NONCE_SIZE, h1,
@@ -229,13 +227,12 @@ static int TSS_checkhmac1(unsigned char *buffer,
break;
dpos = va_arg(argp, unsigned int);
ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
- if (ret < 0) {
- va_end(argp);
- goto out;
- }
+ if (ret < 0)
+ break;
}
va_end(argp);
- ret = crypto_shash_final(&sdesc->shash, paramdigest);
+ if (!ret)
+ ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (ret < 0)
goto out;
@@ -323,13 +320,12 @@ static int TSS_checkhmac2(unsigned char *buffer,
break;
dpos = va_arg(argp, unsigned int);
ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
- if (ret < 0) {
- va_end(argp);
- goto out;
- }
+ if (ret < 0)
+ break;
}
va_end(argp);
- ret = crypto_shash_final(&sdesc->shash, paramdigest);
+ if (!ret)
+ ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (ret < 0)
goto out;
--
1.6.1
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways kfree() and remember to call va_end()
2011-01-14 14:07 ` Tetsuo Handa
2011-01-15 0:58 ` Tetsuo Handa
@ 2011-01-16 14:04 ` Jesper Juhl
2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa
2011-01-17 9:33 ` David Howells
1 sibling, 2 replies; 25+ messages in thread
From: Jesper Juhl @ 2011-01-16 14:04 UTC (permalink / raw)
To: Tetsuo Handa
Cc: safford, dhowells, safford, jmorris, keyrings,
linux-security-module, linux-kernel
On Fri, 14 Jan 2011, Tetsuo Handa wrote:
> Tetsuo Handa wrote:
> > Please wait. That patch is incorrect. I'm making patch now.
> I'm doing "git pull" now. Using 2.6.37-git11 instead.
>
> James Morris wrote:
> > It's queued in my for-linus branch, waiting to see what happens with
> > http://marc.info/?l=linux-security-module&m=129494927918805&w=3
>
> I think above patch is incorrect because va_end() might be called without
> va_start(). C says va_start() without va_end() causes undefined behavior.
> I think va_end() without va_start() causes undefined behavior as well.
>
I agree. Your patches are better. Thanks.
--
Jesper Juhl <jj@chaosbits.net> http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.
^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH 1/3] trusted-keys: another free memory bugfix
2011-01-16 14:04 ` Jesper Juhl
@ 2011-01-17 0:39 ` Tetsuo Handa
2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa
` (4 more replies)
2011-01-17 9:33 ` David Howells
1 sibling, 5 replies; 25+ messages in thread
From: Tetsuo Handa @ 2011-01-17 0:39 UTC (permalink / raw)
To: safford, safford
Cc: jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel
Resending in separated mails in case somebody missed that
there was 3 patches in one mail.
----------------------------------------
>From 94e965700f1e401408836d4aa782105483196842 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Mon, 17 Jan 2011 09:22:47 +0900
Subject: [PATCH 1/3] trusted-keys: another free memory bugfix
TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and
forgot to call va_end() when crypto_shash_update() < 0.
Fix these bugs by escaping from the loop using "break"
(rather than "return"/"goto") in order to make sure that
va_end()/kfree() are always called.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
security/keys/trusted_defined.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
index 932f868..7b21795 100644
--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted_defined.c
@@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
if (dlen == 0)
break;
data = va_arg(argp, unsigned char *);
- if (data == NULL)
- return -EINVAL;
+ if (data == NULL) {
+ ret = -EINVAL;
+ break;
+ }
ret = crypto_shash_update(&sdesc->shash, data, dlen);
if (ret < 0)
- goto out;
+ break;
}
va_end(argp);
if (!ret)
--
1.7.1
^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH 2/3] trusted-keys: check for NULL before using it
2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa
@ 2011-01-17 0:41 ` Tetsuo Handa
2011-01-17 0:44 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() Tetsuo Handa
` (3 more replies)
2011-01-17 9:34 ` David Howells
` (3 subsequent siblings)
4 siblings, 4 replies; 25+ messages in thread
From: Tetsuo Handa @ 2011-01-17 0:41 UTC (permalink / raw)
To: safford, safford
Cc: jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel
>From 8118c3d0d6f2b291d56e2f4475f2aa5156299cf3 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Mon, 17 Jan 2011 09:25:34 +0900
Subject: [PATCH 2/3] trusted-keys: check for NULL before using it
TSS_rawhmac() checks for data != NULL before using it.
We should do the same thing for TSS_authhmac().
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
security/keys/trusted_defined.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
index 7b21795..f7d0677 100644
--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted_defined.c
@@ -148,6 +148,11 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
if (dlen == 0)
break;
data = va_arg(argp, unsigned char *);
+ if (!data) {
+ ret = -EINVAL;
+ va_end(argp);
+ goto out;
+ }
ret = crypto_shash_update(&sdesc->shash, data, dlen);
if (ret < 0) {
va_end(argp);
--
1.7.1
^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH 3/3] trusted-keys: avoid scattring va_end()
2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa
@ 2011-01-17 0:44 ` Tetsuo Handa
2011-01-17 18:36 ` Jesper Juhl
2011-01-17 21:06 ` Mimi Zohar
2011-01-17 9:39 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() David Howells
` (2 subsequent siblings)
3 siblings, 2 replies; 25+ messages in thread
From: Tetsuo Handa @ 2011-01-17 0:44 UTC (permalink / raw)
To: safford, safford
Cc: jj, dhowells, jmorris, keyrings, linux-security-module, linux-kernel
>From 65b41710a476deae2e0899a4df40c02d199a4ee3 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Mon, 17 Jan 2011 09:27:27 +0900
Subject: [PATCH 3/3] trusted-keys: avoid scattring va_end()
We can avoid scattering va_end() within the
va_start();
for (;;) {
}
va_end();
loop, assuming that crypto_shash_init()/crypto_shash_update() return 0 on
success and negative value otherwise.
Make TSS_authhmac()/TSS_checkhmac1()/TSS_checkhmac2() similar to TSS_rawhmac()
by removing "va_end()/goto" from the loop.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
security/keys/trusted_defined.c | 30 +++++++++++++-----------------
1 files changed, 13 insertions(+), 17 deletions(-)
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
index f7d0677..2836c6d 100644
--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted_defined.c
@@ -150,17 +150,15 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
data = va_arg(argp, unsigned char *);
if (!data) {
ret = -EINVAL;
- va_end(argp);
- goto out;
+ break;
}
ret = crypto_shash_update(&sdesc->shash, data, dlen);
- if (ret < 0) {
- va_end(argp);
- goto out;
- }
+ if (ret < 0)
+ break;
}
va_end(argp);
- ret = crypto_shash_final(&sdesc->shash, paramdigest);
+ if (!ret)
+ ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (!ret)
ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
paramdigest, TPM_NONCE_SIZE, h1,
@@ -229,13 +227,12 @@ static int TSS_checkhmac1(unsigned char *buffer,
break;
dpos = va_arg(argp, unsigned int);
ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
- if (ret < 0) {
- va_end(argp);
- goto out;
- }
+ if (ret < 0)
+ break;
}
va_end(argp);
- ret = crypto_shash_final(&sdesc->shash, paramdigest);
+ if (!ret)
+ ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (ret < 0)
goto out;
@@ -323,13 +320,12 @@ static int TSS_checkhmac2(unsigned char *buffer,
break;
dpos = va_arg(argp, unsigned int);
ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
- if (ret < 0) {
- va_end(argp);
- goto out;
- }
+ if (ret < 0)
+ break;
}
va_end(argp);
- ret = crypto_shash_final(&sdesc->shash, paramdigest);
+ if (!ret)
+ ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (ret < 0)
goto out;
--
1.7.1
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 1/3] trusted-keys: another free memory bugfix
2011-01-16 14:04 ` Jesper Juhl
2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa
@ 2011-01-17 9:33 ` David Howells
1 sibling, 0 replies; 25+ messages in thread
From: David Howells @ 2011-01-17 9:33 UTC (permalink / raw)
To: Tetsuo Handa
Cc: dhowells, safford, safford, jj, jmorris, keyrings,
linux-security-module, linux-kernel
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> wrote:
> From 94e965700f1e401408836d4aa782105483196842 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Mon, 17 Jan 2011 09:22:47 +0900
> Subject: [PATCH 1/3] trusted-keys: another free memory bugfix
>
> TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and
> forgot to call va_end() when crypto_shash_update() < 0.
> Fix these bugs by escaping from the loop using "break"
> (rather than "return"/"goto") in order to make sure that
> va_end()/kfree() are always called.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: David Howells <dhowells@redhat.com>
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 2/3] trusted-keys: check for NULL before using it
2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa
2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa
@ 2011-01-17 9:34 ` David Howells
2011-01-17 18:34 ` [PATCH 1/3] trusted-keys: another free memory bugfix Jesper Juhl
` (2 subsequent siblings)
4 siblings, 0 replies; 25+ messages in thread
From: David Howells @ 2011-01-17 9:34 UTC (permalink / raw)
To: Tetsuo Handa
Cc: dhowells, safford, safford, jj, jmorris, keyrings,
linux-security-module, linux-kernel
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> wrote:
> From 8118c3d0d6f2b291d56e2f4475f2aa5156299cf3 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Mon, 17 Jan 2011 09:25:34 +0900
> Subject: [PATCH 2/3] trusted-keys: check for NULL before using it
>
> TSS_rawhmac() checks for data != NULL before using it.
> We should do the same thing for TSS_authhmac().
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: David Howells <dhowells@redhat.com>
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: avoid scattring va_end()
2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa
2011-01-17 0:44 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() Tetsuo Handa
@ 2011-01-17 9:39 ` David Howells
2011-01-17 18:35 ` [PATCH 2/3] trusted-keys: check for NULL before using it Jesper Juhl
2011-01-17 21:02 ` Mimi Zohar
3 siblings, 0 replies; 25+ messages in thread
From: David Howells @ 2011-01-17 9:39 UTC (permalink / raw)
To: Tetsuo Handa
Cc: dhowells, safford, safford, jj, jmorris, keyrings,
linux-security-module, linux-kernel
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> wrote:
> From 65b41710a476deae2e0899a4df40c02d199a4ee3 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Mon, 17 Jan 2011 09:27:27 +0900
> Subject: [PATCH 3/3] trusted-keys: avoid scattring va_end()
>
> We can avoid scattering va_end() within the
>
> va_start();
> for (;;) {
>
> }
> va_end();
>
> loop, assuming that crypto_shash_init()/crypto_shash_update() return 0 on
> success and negative value otherwise.
>
> Make TSS_authhmac()/TSS_checkhmac1()/TSS_checkhmac2() similar to TSS_rawhmac()
> by removing "va_end()/goto" from the loop.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: David Howells <dhowells@redhat.com>
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 1/3] trusted-keys: another free memory bugfix
2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa
2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa
2011-01-17 9:34 ` David Howells
@ 2011-01-17 18:34 ` Jesper Juhl
2011-01-17 21:01 ` Mimi Zohar
2011-01-18 22:55 ` James Morris
4 siblings, 0 replies; 25+ messages in thread
From: Jesper Juhl @ 2011-01-17 18:34 UTC (permalink / raw)
To: Tetsuo Handa
Cc: safford, safford, dhowells, jmorris, keyrings,
linux-security-module, linux-kernel
On Mon, 17 Jan 2011, Tetsuo Handa wrote:
> Resending in separated mails in case somebody missed that
> there was 3 patches in one mail.
> ----------------------------------------
> >From 94e965700f1e401408836d4aa782105483196842 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Mon, 17 Jan 2011 09:22:47 +0900
> Subject: [PATCH 1/3] trusted-keys: another free memory bugfix
>
> TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and
> forgot to call va_end() when crypto_shash_update() < 0.
> Fix these bugs by escaping from the loop using "break"
> (rather than "return"/"goto") in order to make sure that
> va_end()/kfree() are always called.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> ---
> security/keys/trusted_defined.c | 8 +++++---
> 1 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
> index 932f868..7b21795 100644
> --- a/security/keys/trusted_defined.c
> +++ b/security/keys/trusted_defined.c
> @@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
> if (dlen == 0)
> break;
> data = va_arg(argp, unsigned char *);
> - if (data == NULL)
> - return -EINVAL;
> + if (data == NULL) {
> + ret = -EINVAL;
> + break;
> + }
> ret = crypto_shash_update(&sdesc->shash, data, dlen);
> if (ret < 0)
> - goto out;
> + break;
> }
> va_end(argp);
> if (!ret)
>
Looks good to me.
Reviewed-by: Jesper Juhl <jj@chaosbits.net>
--
Jesper Juhl <jj@chaosbits.net> http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 2/3] trusted-keys: check for NULL before using it
2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa
2011-01-17 0:44 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() Tetsuo Handa
2011-01-17 9:39 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() David Howells
@ 2011-01-17 18:35 ` Jesper Juhl
2011-01-17 21:02 ` Mimi Zohar
3 siblings, 0 replies; 25+ messages in thread
From: Jesper Juhl @ 2011-01-17 18:35 UTC (permalink / raw)
To: Tetsuo Handa
Cc: safford, safford, dhowells, jmorris, keyrings,
linux-security-module, linux-kernel
On Mon, 17 Jan 2011, Tetsuo Handa wrote:
> >From 8118c3d0d6f2b291d56e2f4475f2aa5156299cf3 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Mon, 17 Jan 2011 09:25:34 +0900
> Subject: [PATCH 2/3] trusted-keys: check for NULL before using it
>
> TSS_rawhmac() checks for data != NULL before using it.
> We should do the same thing for TSS_authhmac().
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> ---
> security/keys/trusted_defined.c | 5 +++++
> 1 files changed, 5 insertions(+), 0 deletions(-)
>
> diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
> index 7b21795..f7d0677 100644
> --- a/security/keys/trusted_defined.c
> +++ b/security/keys/trusted_defined.c
> @@ -148,6 +148,11 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
> if (dlen == 0)
> break;
> data = va_arg(argp, unsigned char *);
> + if (!data) {
> + ret = -EINVAL;
> + va_end(argp);
> + goto out;
> + }
> ret = crypto_shash_update(&sdesc->shash, data, dlen);
> if (ret < 0) {
> va_end(argp);
>
Looks good to me..
Reviewed-by: Jesper Juhl <jj@chaosbits.net>
--
Jesper Juhl <jj@chaosbits.net> http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: avoid scattring va_end()
2011-01-17 0:44 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() Tetsuo Handa
@ 2011-01-17 18:36 ` Jesper Juhl
2011-01-17 21:06 ` Mimi Zohar
1 sibling, 0 replies; 25+ messages in thread
From: Jesper Juhl @ 2011-01-17 18:36 UTC (permalink / raw)
To: Tetsuo Handa
Cc: safford, safford, dhowells, jmorris, keyrings,
linux-security-module, linux-kernel
On Mon, 17 Jan 2011, Tetsuo Handa wrote:
> >From 65b41710a476deae2e0899a4df40c02d199a4ee3 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Mon, 17 Jan 2011 09:27:27 +0900
> Subject: [PATCH 3/3] trusted-keys: avoid scattring va_end()
>
> We can avoid scattering va_end() within the
>
> va_start();
> for (;;) {
>
> }
> va_end();
>
> loop, assuming that crypto_shash_init()/crypto_shash_update() return 0 on
> success and negative value otherwise.
>
> Make TSS_authhmac()/TSS_checkhmac1()/TSS_checkhmac2() similar to TSS_rawhmac()
> by removing "va_end()/goto" from the loop.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> ---
> security/keys/trusted_defined.c | 30 +++++++++++++-----------------
> 1 files changed, 13 insertions(+), 17 deletions(-)
>
> diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
> index f7d0677..2836c6d 100644
> --- a/security/keys/trusted_defined.c
> +++ b/security/keys/trusted_defined.c
> @@ -150,17 +150,15 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
> data = va_arg(argp, unsigned char *);
> if (!data) {
> ret = -EINVAL;
> - va_end(argp);
> - goto out;
> + break;
> }
> ret = crypto_shash_update(&sdesc->shash, data, dlen);
> - if (ret < 0) {
> - va_end(argp);
> - goto out;
> - }
> + if (ret < 0)
> + break;
> }
> va_end(argp);
> - ret = crypto_shash_final(&sdesc->shash, paramdigest);
> + if (!ret)
> + ret = crypto_shash_final(&sdesc->shash, paramdigest);
> if (!ret)
> ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
> paramdigest, TPM_NONCE_SIZE, h1,
> @@ -229,13 +227,12 @@ static int TSS_checkhmac1(unsigned char *buffer,
> break;
> dpos = va_arg(argp, unsigned int);
> ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
> - if (ret < 0) {
> - va_end(argp);
> - goto out;
> - }
> + if (ret < 0)
> + break;
> }
> va_end(argp);
> - ret = crypto_shash_final(&sdesc->shash, paramdigest);
> + if (!ret)
> + ret = crypto_shash_final(&sdesc->shash, paramdigest);
> if (ret < 0)
> goto out;
>
> @@ -323,13 +320,12 @@ static int TSS_checkhmac2(unsigned char *buffer,
> break;
> dpos = va_arg(argp, unsigned int);
> ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
> - if (ret < 0) {
> - va_end(argp);
> - goto out;
> - }
> + if (ret < 0)
> + break;
> }
> va_end(argp);
> - ret = crypto_shash_final(&sdesc->shash, paramdigest);
> + if (!ret)
> + ret = crypto_shash_final(&sdesc->shash, paramdigest);
> if (ret < 0)
> goto out;
>
>
Looks good to me...
Reviewed-by: Jesper Juhl <jj@chaosbits.net>
--
Jesper Juhl <jj@chaosbits.net> http://www.chaosbits.net/
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please.
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 1/3] trusted-keys: another free memory bugfix
2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa
` (2 preceding siblings ...)
2011-01-17 18:34 ` [PATCH 1/3] trusted-keys: another free memory bugfix Jesper Juhl
@ 2011-01-17 21:01 ` Mimi Zohar
2011-01-18 22:55 ` James Morris
4 siblings, 0 replies; 25+ messages in thread
From: Mimi Zohar @ 2011-01-17 21:01 UTC (permalink / raw)
To: Tetsuo Handa
Cc: safford, David Safford, jj, dhowells, jmorris, keyrings,
linux-security-module, linux-kernel
On Mon, 2011-01-17 at 09:39 +0900, Tetsuo Handa wrote:
> Resending in separated mails in case somebody missed that
> there was 3 patches in one mail.
> ----------------------------------------
> From 94e965700f1e401408836d4aa782105483196842 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Mon, 17 Jan 2011 09:22:47 +0900
> Subject: [PATCH 1/3] trusted-keys: another free memory bugfix
>
> TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and
> forgot to call va_end() when crypto_shash_update() < 0.
> Fix these bugs by escaping from the loop using "break"
> (rather than "return"/"goto") in order to make sure that
> va_end()/kfree() are always called.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
> ---
> security/keys/trusted_defined.c | 8 +++++---
> 1 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
> index 932f868..7b21795 100644
> --- a/security/keys/trusted_defined.c
> +++ b/security/keys/trusted_defined.c
> @@ -101,11 +101,13 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
> if (dlen == 0)
> break;
> data = va_arg(argp, unsigned char *);
> - if (data == NULL)
> - return -EINVAL;
> + if (data == NULL) {
> + ret = -EINVAL;
> + break;
> + }
> ret = crypto_shash_update(&sdesc->shash, data, dlen);
> if (ret < 0)
> - goto out;
> + break;
> }
> va_end(argp);
> if (!ret)
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 2/3] trusted-keys: check for NULL before using it
2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa
` (2 preceding siblings ...)
2011-01-17 18:35 ` [PATCH 2/3] trusted-keys: check for NULL before using it Jesper Juhl
@ 2011-01-17 21:02 ` Mimi Zohar
3 siblings, 0 replies; 25+ messages in thread
From: Mimi Zohar @ 2011-01-17 21:02 UTC (permalink / raw)
To: Tetsuo Handa
Cc: safford, David Safford, jj, dhowells, jmorris, keyrings,
linux-security-module, linux-kernel
On Mon, 2011-01-17 at 09:41 +0900, Tetsuo Handa wrote:
> From 8118c3d0d6f2b291d56e2f4475f2aa5156299cf3 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Mon, 17 Jan 2011 09:25:34 +0900
> Subject: [PATCH 2/3] trusted-keys: check for NULL before using it
>
> TSS_rawhmac() checks for data != NULL before using it.
> We should do the same thing for TSS_authhmac().
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
> ---
> security/keys/trusted_defined.c | 5 +++++
> 1 files changed, 5 insertions(+), 0 deletions(-)
>
> diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
> index 7b21795..f7d0677 100644
> --- a/security/keys/trusted_defined.c
> +++ b/security/keys/trusted_defined.c
> @@ -148,6 +148,11 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
> if (dlen == 0)
> break;
> data = va_arg(argp, unsigned char *);
> + if (!data) {
> + ret = -EINVAL;
> + va_end(argp);
> + goto out;
> + }
> ret = crypto_shash_update(&sdesc->shash, data, dlen);
> if (ret < 0) {
> va_end(argp);
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: avoid scattring va_end()
2011-01-17 0:44 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() Tetsuo Handa
2011-01-17 18:36 ` Jesper Juhl
@ 2011-01-17 21:06 ` Mimi Zohar
2011-01-18 1:39 ` [PATCH 3/3] trusted-keys: small cleanup Tetsuo Handa
1 sibling, 1 reply; 25+ messages in thread
From: Mimi Zohar @ 2011-01-17 21:06 UTC (permalink / raw)
To: Tetsuo Handa
Cc: safford, David Safford, jj, dhowells, jmorris, keyrings,
linux-security-module, linux-kernel
On Mon, 2011-01-17 at 09:44 +0900, Tetsuo Handa wrote:
> From 65b41710a476deae2e0899a4df40c02d199a4ee3 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Mon, 17 Jan 2011 09:27:27 +0900
> Subject: [PATCH 3/3] trusted-keys: avoid scattring va_end()
>
> We can avoid scattering va_end() within the
>
> va_start();
> for (;;) {
>
> }
> va_end();
>
> loop, assuming that crypto_shash_init()/crypto_shash_update() return 0 on
> success and negative value otherwise.
>
> Make TSS_authhmac()/TSS_checkhmac1()/TSS_checkhmac2() similar to TSS_rawhmac()
> by removing "va_end()/goto" from the loop.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
The patch looks good. Would you mind making the one change below?
Acked-by: Mimi Zohar <zohar@us.ibm.com>
> ---
> security/keys/trusted_defined.c | 30 +++++++++++++-----------------
> 1 files changed, 13 insertions(+), 17 deletions(-)
>
> diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
> index f7d0677..2836c6d 100644
> --- a/security/keys/trusted_defined.c
> +++ b/security/keys/trusted_defined.c
> @@ -150,17 +150,15 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
> data = va_arg(argp, unsigned char *);
> if (!data) {
> ret = -EINVAL;
> - va_end(argp);
> - goto out;
> + break;
> }
> ret = crypto_shash_update(&sdesc->shash, data, dlen);
> - if (ret < 0) {
> - va_end(argp);
> - goto out;
> - }
> + if (ret < 0)
> + break;
> }
> va_end(argp);
> - ret = crypto_shash_final(&sdesc->shash, paramdigest);
> + if (!ret)
> + ret = crypto_shash_final(&sdesc->shash, paramdigest);
> if (!ret)
Change the existing '(!ret)' to '(ret < 0)', like the rest of the code?
It's not wrong, but ....
> ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
> paramdigest, TPM_NONCE_SIZE, h1,
> @@ -229,13 +227,12 @@ static int TSS_checkhmac1(unsigned char *buffer,
> break;
> dpos = va_arg(argp, unsigned int);
> ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
> - if (ret < 0) {
> - va_end(argp);
> - goto out;
> - }
> + if (ret < 0)
> + break;
> }
> va_end(argp);
> - ret = crypto_shash_final(&sdesc->shash, paramdigest);
> + if (!ret)
> + ret = crypto_shash_final(&sdesc->shash, paramdigest);
> if (ret < 0)
> goto out;
>
> @@ -323,13 +320,12 @@ static int TSS_checkhmac2(unsigned char *buffer,
> break;
> dpos = va_arg(argp, unsigned int);
> ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
> - if (ret < 0) {
> - va_end(argp);
> - goto out;
> - }
> + if (ret < 0)
> + break;
> }
> va_end(argp);
> - ret = crypto_shash_final(&sdesc->shash, paramdigest);
> + if (!ret)
> + ret = crypto_shash_final(&sdesc->shash, paramdigest);
> if (ret < 0)
> goto out;
>
^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH 3/3] trusted-keys: small cleanup
2011-01-17 21:06 ` Mimi Zohar
@ 2011-01-18 1:39 ` Tetsuo Handa
2011-01-18 9:26 ` Mimi Zohar
0 siblings, 1 reply; 25+ messages in thread
From: Tetsuo Handa @ 2011-01-18 1:39 UTC (permalink / raw)
To: zohar
Cc: safford, safford, jj, dhowells, jmorris, keyrings,
linux-security-module, linux-kernel
Mimi Zohar wrote:
> Change the existing '(!ret)' to '(ret < 0)', like the rest of the code?
> It's not wrong, but ....
Something like this?
----------------------------------------
>From 9793efa6fbef62d9e85a06c329761c081ff804c5 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Tue, 18 Jan 2011 10:14:32 +0900
Subject: [PATCH 3/3] trusted-keys: small cleanup
We can avoid scattering va_end() by changing from
initialize();
va_start();
for (;;) {
if (error condition) {
va_end();
goto out;
}
}
va_end();
if (error condition)
goto out;
finalize();
out:
to
initialize();
va_start();
for (;;) {
if (error condition)
break;
}
va_end();
if (error condition)
goto out;
finalize();
out:
.
Also, use
if (ret < 0)
goto out;
rather than
if (!ret)
ret = do_something();
to clarify error condition.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
security/keys/trusted_defined.c | 43 ++++++++++++++++++++-------------------
1 files changed, 22 insertions(+), 21 deletions(-)
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
index f7d0677..bc04de1 100644
--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted_defined.c
@@ -101,7 +101,7 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
if (dlen == 0)
break;
data = va_arg(argp, unsigned char *);
- if (data == NULL) {
+ if (!data) {
ret = -EINVAL;
break;
}
@@ -110,8 +110,9 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
break;
}
va_end(argp);
- if (!ret)
- ret = crypto_shash_final(&sdesc->shash, digest);
+ if (ret < 0)
+ goto out;
+ ret = crypto_shash_final(&sdesc->shash, digest);
out:
kfree(sdesc);
return ret;
@@ -150,21 +151,21 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,
data = va_arg(argp, unsigned char *);
if (!data) {
ret = -EINVAL;
- va_end(argp);
- goto out;
+ break;
}
ret = crypto_shash_update(&sdesc->shash, data, dlen);
- if (ret < 0) {
- va_end(argp);
- goto out;
- }
+ if (ret < 0)
+ break;
}
va_end(argp);
+ if (ret < 0)
+ goto out;
ret = crypto_shash_final(&sdesc->shash, paramdigest);
- if (!ret)
- ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
- paramdigest, TPM_NONCE_SIZE, h1,
- TPM_NONCE_SIZE, h2, 1, &c, 0, 0);
+ if (ret < 0)
+ goto out;
+ ret = TSS_rawhmac(digest, key, keylen, SHA1_DIGEST_SIZE,
+ paramdigest, TPM_NONCE_SIZE, h1,
+ TPM_NONCE_SIZE, h2, 1, &c, 0, 0);
out:
kfree(sdesc);
return ret;
@@ -229,12 +230,12 @@ static int TSS_checkhmac1(unsigned char *buffer,
break;
dpos = va_arg(argp, unsigned int);
ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
- if (ret < 0) {
- va_end(argp);
- goto out;
- }
+ if (ret < 0)
+ break;
}
va_end(argp);
+ if (ret < 0)
+ goto out;
ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (ret < 0)
goto out;
@@ -323,12 +324,12 @@ static int TSS_checkhmac2(unsigned char *buffer,
break;
dpos = va_arg(argp, unsigned int);
ret = crypto_shash_update(&sdesc->shash, buffer + dpos, dlen);
- if (ret < 0) {
- va_end(argp);
- goto out;
- }
+ if (ret < 0)
+ break;
}
va_end(argp);
+ if (ret < 0)
+ goto out;
ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (ret < 0)
goto out;
--
1.7.1
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: small cleanup
2011-01-18 1:39 ` [PATCH 3/3] trusted-keys: small cleanup Tetsuo Handa
@ 2011-01-18 9:26 ` Mimi Zohar
2011-01-18 11:03 ` Tetsuo Handa
0 siblings, 1 reply; 25+ messages in thread
From: Mimi Zohar @ 2011-01-18 9:26 UTC (permalink / raw)
To: Tetsuo Handa
Cc: safford, safford, jj, dhowells, jmorris, keyrings,
linux-security-module, linux-kernel
On Tue, 2011-01-18 at 10:39 +0900, Tetsuo Handa wrote:
> Mimi Zohar wrote:
> > Change the existing '(!ret)' to '(ret < 0)', like the rest of the code?
> > It's not wrong, but ....
>
> Something like this?
Actually, I was only asking for a one line change in the patch.
> > va_end(argp);
> > - ret = crypto_shash_final(&sdesc->shash, paramdigest);
> > + if (!ret)
> > + ret = crypto_shash_final(&sdesc->shash, paramdigest);
> > if (!ret)
Change the second '(!ret)' here, the crypto_shash_file() return code
test, from '(!ret)' to '(ret < 0)', like the other crypto_shash_file()
tests.
Thanks!
Mimi
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: small cleanup
2011-01-18 9:26 ` Mimi Zohar
@ 2011-01-18 11:03 ` Tetsuo Handa
2011-01-18 11:28 ` Mimi Zohar
0 siblings, 1 reply; 25+ messages in thread
From: Tetsuo Handa @ 2011-01-18 11:03 UTC (permalink / raw)
To: zohar
Cc: safford, safford, jj, dhowells, jmorris, keyrings,
linux-security-module, linux-kernel
Mimi Zohar wrote:
> > > va_end(argp);
> > > - ret = crypto_shash_final(&sdesc->shash, paramdigest);
> > > + if (!ret)
> > > + ret = crypto_shash_final(&sdesc->shash, paramdigest);
> > > if (!ret)
>
> Change the second '(!ret)' here, the crypto_shash_file() return code
> test, from '(!ret)' to '(ret < 0)', like the other crypto_shash_file()
> tests.
Did you mean changing from
if (!ret)
ret = crypto_shash_final(&sdesc->shash, paramdigest);
to
if (ret < 0)
ret = crypto_shash_final(&sdesc->shash, paramdigest);
(i.e. invert the condition)?
I'm confused. Would you make the patch by yourself?
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: small cleanup
2011-01-18 11:03 ` Tetsuo Handa
@ 2011-01-18 11:28 ` Mimi Zohar
2011-01-18 11:42 ` Mimi Zohar
0 siblings, 1 reply; 25+ messages in thread
From: Mimi Zohar @ 2011-01-18 11:28 UTC (permalink / raw)
To: Tetsuo Handa
Cc: safford, safford, jj, dhowells, jmorris, keyrings,
linux-security-module, linux-kernel
On Tue, 2011-01-18 at 20:03 +0900, Tetsuo Handa wrote:
> Mimi Zohar wrote:
> > > > va_end(argp);
> > > > - ret = crypto_shash_final(&sdesc->shash, paramdigest);
> > > > + if (!ret)
> > > > + ret = crypto_shash_final(&sdesc->shash, paramdigest);
> > > > if (!ret)
> >
> > Change the second '(!ret)' here, the crypto_shash_file() return code
> > test, from '(!ret)' to '(ret < 0)', like the other crypto_shash_file()
> > tests.
>
> Did you mean changing from
>
> if (!ret)
> ret = crypto_shash_final(&sdesc->shash, paramdigest);
>
> to
>
> if (ret < 0)
> ret = crypto_shash_final(&sdesc->shash, paramdigest);
>
> (i.e. invert the condition)?
Wrong '(!ret)'. Instead of:
va_end(argp);
if (!ret)
ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (!ret)
do:
va_end(argp);
if (!ret)
ret = crypto_shash_final(&sdesc->shash, paramdigest);
if (ret < 0)
> I'm confused. Would you make the patch by yourself?
It's only for consistency, not that important.
thanks,
Mimi
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 3/3] trusted-keys: small cleanup
2011-01-18 11:28 ` Mimi Zohar
@ 2011-01-18 11:42 ` Mimi Zohar
0 siblings, 0 replies; 25+ messages in thread
From: Mimi Zohar @ 2011-01-18 11:42 UTC (permalink / raw)
To: Tetsuo Handa
Cc: safford, David Safford, jj, dhowells, jmorris, keyrings,
linux-security-module, linux-kernel
On Tue, 2011-01-18 at 06:28 -0500, Mimi Zohar wrote:
> On Tue, 2011-01-18 at 20:03 +0900, Tetsuo Handa wrote:
> > Mimi Zohar wrote:
> > > > > va_end(argp);
> > > > > - ret = crypto_shash_final(&sdesc->shash, paramdigest);
> > > > > + if (!ret)
> > > > > + ret = crypto_shash_final(&sdesc->shash, paramdigest);
> > > > > if (!ret)
> > >
> > > Change the second '(!ret)' here, the crypto_shash_file() return code
> > > test, from '(!ret)' to '(ret < 0)', like the other crypto_shash_file()
> > > tests.
> >
> > Did you mean changing from
> >
> > if (!ret)
> > ret = crypto_shash_final(&sdesc->shash, paramdigest);
> >
> > to
> >
> > if (ret < 0)
> > ret = crypto_shash_final(&sdesc->shash, paramdigest);
> >
> > (i.e. invert the condition)?
>
> Wrong '(!ret)'. Instead of:
> va_end(argp);
> if (!ret)
> ret = crypto_shash_final(&sdesc->shash, paramdigest);
> if (!ret)
>
> do:
> va_end(argp);
> if (!ret)
> ret = crypto_shash_final(&sdesc->shash, paramdigest);
> if (ret < 0)
>
> > I'm confused. Would you make the patch by yourself?
>
> It's only for consistency, not that important.
>
> thanks,
>
> Mimi
James, the original patch is fine as is.
thanks,
Mimi
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 1/3] trusted-keys: another free memory bugfix
2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa
` (3 preceding siblings ...)
2011-01-17 21:01 ` Mimi Zohar
@ 2011-01-18 22:55 ` James Morris
4 siblings, 0 replies; 25+ messages in thread
From: James Morris @ 2011-01-18 22:55 UTC (permalink / raw)
To: Tetsuo Handa
Cc: safford, safford, jj, dhowells, keyrings, linux-security-module,
linux-kernel
On Mon, 17 Jan 2011, Tetsuo Handa wrote:
> Resending in separated mails in case somebody missed that
> there was 3 patches in one mail.
All applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#for-linus
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 25+ messages in thread
end of thread, other threads:[~2011-01-18 22:55 UTC | newest]
Thread overview: 25+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-01-13 20:07 [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() Jesper Juhl
2011-01-14 13:28 ` David Safford
2011-01-14 13:45 ` [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so wealways " Tetsuo Handa
2011-01-14 14:07 ` Tetsuo Handa
2011-01-15 0:58 ` Tetsuo Handa
2011-01-16 14:04 ` Jesper Juhl
2011-01-17 0:39 ` [PATCH 1/3] trusted-keys: another free memory bugfix Tetsuo Handa
2011-01-17 0:41 ` [PATCH 2/3] trusted-keys: check for NULL before using it Tetsuo Handa
2011-01-17 0:44 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() Tetsuo Handa
2011-01-17 18:36 ` Jesper Juhl
2011-01-17 21:06 ` Mimi Zohar
2011-01-18 1:39 ` [PATCH 3/3] trusted-keys: small cleanup Tetsuo Handa
2011-01-18 9:26 ` Mimi Zohar
2011-01-18 11:03 ` Tetsuo Handa
2011-01-18 11:28 ` Mimi Zohar
2011-01-18 11:42 ` Mimi Zohar
2011-01-17 9:39 ` [PATCH 3/3] trusted-keys: avoid scattring va_end() David Howells
2011-01-17 18:35 ` [PATCH 2/3] trusted-keys: check for NULL before using it Jesper Juhl
2011-01-17 21:02 ` Mimi Zohar
2011-01-17 9:34 ` David Howells
2011-01-17 18:34 ` [PATCH 1/3] trusted-keys: another free memory bugfix Jesper Juhl
2011-01-17 21:01 ` Mimi Zohar
2011-01-18 22:55 ` James Morris
2011-01-17 9:33 ` David Howells
2011-01-14 13:31 ` [PATCH] Trusted and Encrypted Keys: fix up TSS_rawhmac() so we always kfree() and remember to call va_end() David Howells
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).