trusted-keys: another free memory bugfix TSS_rawhmac() forgot to call va_end()/kfree() when data == NULL and forgot to call va_end() when crypto_shash_update() < 0. Fix these bugs by escaping from the loop using "break" (rather than "return"/"goto") in order to make sure that va_end()/kfree() are always called. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reviewed-by: Jesper Juhl <jj@chaosbits.net> Acked-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: 35576eab390df313095306e2a8216134910e7014 [log] [tgz]
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Mon Jan 17 09:22:47 2011 +0900
committer: James Morris <jmorris@namei.org> Wed Jan 19 09:53:53 2011 +1100
tree: c35b52f6797ce69091c3e3bc596783f45e19496a
parent: 40c1001792de63e0f90e977eb05393fd71f78692 [diff]
diff --git a/security/keys/trusted_defined.c b/security/keys/trusted_defined.c
index 932f868..7b21795 100644
--- a/security/keys/trusted_defined.c
+++ b/security/keys/trusted_defined.c

@@ -101,11 +101,13 @@
 		if (dlen == 0)
 			break;
 		data = va_arg(argp, unsigned char *);
-		if (data == NULL)
-			return -EINVAL;
+		if (data == NULL) {
+			ret = -EINVAL;
+			break;
+		}
 		ret = crypto_shash_update(&sdesc->shash, data, dlen);
 		if (ret < 0)
-			goto out;
+			break;
 	}
 	va_end(argp);
 	if (!ret)
commit	35576eab390df313095306e2a8216134910e7014	[log] [tgz]
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	Mon Jan 17 09:22:47 2011 +0900
committer	James Morris <jmorris@namei.org>	Wed Jan 19 09:53:53 2011 +1100
tree	c35b52f6797ce69091c3e3bc596783f45e19496a
parent	40c1001792de63e0f90e977eb05393fd71f78692 [diff]