rxrpc: Fix a memory leak in rxkad_verify_response() commit f45d01f4f30b53c3a0a1c6c1c154acb7ff74ab9f upstream. A ticket was not released after a call of the function "rxkad_decrypt_ticket" failed. Thus replace the jump target "temporary_error_free_resp" by "temporary_error_free_ticket". Fixes: 8c2f826dc3631 ("rxrpc: Don't put crypto buffers on the stack") Signed-off-by: Qiushi Wu <wu000273@umn.edu> Signed-off-by: David Howells <dhowells@redhat.com> cc: Markus Elfring <Markus.Elfring@web.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit: e7980748ed5a609a0a011c400a3fb620fa6f34d6 [log] [tgz]
author: Qiushi Wu <wu000273@umn.edu> Fri May 22 13:45:18 2020 -0500
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Wed May 27 17:37:44 2020 +0200
tree: 034b1fb8643b86871de63d3e4fcfec7e8f56164d
parent: 0ce2f76e97d8ff16565d86b1d43645c4fabd38fa [diff]
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index cea1683..dce7bdc 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c

@@ -1118,7 +1118,7 @@
 	ret = rxkad_decrypt_ticket(conn, skb, ticket, ticket_len, &session_key,
 				   &expiry, _abort_code);
 	if (ret < 0)
-		goto temporary_error_free_resp;
+		goto temporary_error_free_ticket;
 
 	/* use the session key from inside the ticket to decrypt the
 	 * response */
@@ -1200,7 +1200,6 @@
 
 temporary_error_free_ticket:
 	kfree(ticket);
-temporary_error_free_resp:
 	kfree(response);
 temporary_error:
 	/* Ignore the response packet if we got a temporary error such as
commit	e7980748ed5a609a0a011c400a3fb620fa6f34d6	[log] [tgz]
author	Qiushi Wu <wu000273@umn.edu>	Fri May 22 13:45:18 2020 -0500
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Wed May 27 17:37:44 2020 +0200
tree	034b1fb8643b86871de63d3e4fcfec7e8f56164d
parent	0ce2f76e97d8ff16565d86b1d43645c4fabd38fa [diff]