[ Upstream commit 7829a0c1cb9c80debfb4fdb49b4d90019f2ea1ac ]
When I added the sanity check of 'descsize', I missed that the child hash tfm needs to be freed if the sanity check fails. Of course this should never happen, hence the use of WARN_ON(), but it should be fixed.
Fixes: e1354400b25d ("crypto: hash - fix incorrect HASH_MAX_DESCSIZE") Signed-off-by: Eric Biggers ebiggers@google.com Signed-off-by: Herbert Xu herbert@gondor.apana.org.au Signed-off-by: Sasha Levin sashal@kernel.org --- crypto/hmac.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/hmac.c b/crypto/hmac.c index 4b8c8ee8f15c..c623778b36ba 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c @@ -168,8 +168,10 @@ static int hmac_init_tfm(struct crypto_tfm *tfm)
parent->descsize = sizeof(struct shash_desc) + crypto_shash_descsize(hash); - if (WARN_ON(parent->descsize > HASH_MAX_DESCSIZE)) + if (WARN_ON(parent->descsize > HASH_MAX_DESCSIZE)) { + crypto_free_shash(hash); return -EINVAL; + }
ctx->hash = hash; return 0;