tipc: Fix potential tipc_aead refcnt leak in tipc_crypto_rcv
tipc_crypto_rcv() invokes tipc_aead_get(), which returns a reference of the tipc_aead object to "aead" with increased refcnt. When tipc_crypto_rcv() returns, the original local reference of "aead" becomes invalid, so the refcount should be decreased to keep refcount balanced. The issue happens in one error path of tipc_crypto_rcv(). When TIPC message decryption status is EINPROGRESS or EBUSY, the function forgets to decrease the refcnt increased by tipc_aead_get() and causes a refcnt leak. Fix this issue by calling tipc_aead_put() on the error path when TIPC message decryption status is EINPROGRESS or EBUSY. Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Xiyu Yang
David S. Miller
parent
d03f228470
commit
441870ee42
|
|
@ -1712,6 +1712,7 @@ exit:
|
|||
case -EBUSY:
|
||||
this_cpu_inc(stats->stat[STAT_ASYNC]);
|
||||
*skb = NULL;
|
||||
tipc_aead_put(aead);
|
||||
return rc;
|
||||
default:
|
||||
this_cpu_inc(stats->stat[STAT_NOK]);
|
||||
|
|
|
|||
Loading…
Reference in a new issue