From: Qiushi Wu wu000273@umn.edu
commit f45d01f4f30b53c3a0a1c6c1c154acb7ff74ab9f upstream.
A ticket was not released after a call of the function "rxkad_decrypt_ticket" failed. Thus replace the jump target "temporary_error_free_resp" by "temporary_error_free_ticket".
Fixes: 8c2f826dc3631 ("rxrpc: Don't put crypto buffers on the stack") Signed-off-by: Qiushi Wu wu000273@umn.edu Signed-off-by: David Howells dhowells@redhat.com cc: Markus Elfring Markus.Elfring@web.de Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- net/rxrpc/rxkad.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
--- a/net/rxrpc/rxkad.c +++ b/net/rxrpc/rxkad.c @@ -1111,7 +1111,7 @@ static int rxkad_verify_response(struct ret = rxkad_decrypt_ticket(conn, skb, ticket, ticket_len, &session_key, &expiry, _abort_code); if (ret < 0) - goto temporary_error_free_resp; + goto temporary_error_free_ticket;
/* use the session key from inside the ticket to decrypt the * response */ @@ -1193,7 +1193,6 @@ protocol_error:
temporary_error_free_ticket: kfree(ticket); -temporary_error_free_resp: kfree(response); temporary_error: /* Ignore the response packet if we got a temporary error such as