From: Eric Biggers <ebigg...@google.com>

[ Upstream commit 7829a0c1cb9c80debfb4fdb49b4d90019f2ea1ac ]

When I added the sanity check of 'descsize', I missed that the child
hash tfm needs to be freed if the sanity check fails.  Of course this
should never happen, hence the use of WARN_ON(), but it should be fixed.

Fixes: e1354400b25d ("crypto: hash - fix incorrect HASH_MAX_DESCSIZE")
Signed-off-by: Eric Biggers <ebigg...@google.com>
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sas...@kernel.org>
---
 crypto/hmac.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/hmac.c b/crypto/hmac.c
index 4b8c8ee8f15c..c623778b36ba 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -168,8 +168,10 @@ static int hmac_init_tfm(struct crypto_tfm *tfm)
 
        parent->descsize = sizeof(struct shash_desc) +
                           crypto_shash_descsize(hash);
-       if (WARN_ON(parent->descsize > HASH_MAX_DESCSIZE))
+       if (WARN_ON(parent->descsize > HASH_MAX_DESCSIZE)) {
+               crypto_free_shash(hash);
                return -EINVAL;
+       }
 
        ctx->hash = hash;
        return 0;
-- 
2.20.1

Reply via email to