[PATCH OLK-6.6] firmware_loader: Fix possible resource leak in fw_log_firmware_info() - Kernel

28 Dec 2024

From: Gaosheng Cui cuigaosheng1@huawei.com
stable inclusion
from stable-v6.6.64
commit 789a72498d32f88d24371c10985aceb46397056c
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBEAFY
CVE: CVE-2024-53202
Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
firmware_loader: Fix possible resource leak in fw_log_firmware_info()
[ Upstream commit 369a9c046c2fdfe037f05b43b84c386bdbccc103 ]
The alg instance should be released under the exception path, otherwise
there may be resource leak here.
To mitigate this, free the alg instance with crypto_free_shash when kmalloc
fails.
Fixes: 02fe26f25325 ("firmware_loader: Add debug message with checksum for FW file")
Signed-off-by: Gaosheng Cui cuigaosheng1@huawei.com
Reviewed-by: Amadeusz Sławiński amadeuszx.slawinski@linux.intel.com
Reviewed-by: Russ Weight russ.weight@linux.dev
Link: https://lore.kernel.org/r/20241016110335.3677924-1-cuigaosheng1@huawei.com
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
Signed-off-by: Sasha Levin sashal@kernel.org
Signed-off-by: dinglongwei dinglongwei1@huawei.com
---
 drivers/base/firmware_loader/main.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c
index 0b18c6b46e65..f3133ba831c5 100644
--- a/drivers/base/firmware_loader/main.c
+++ b/drivers/base/firmware_loader/main.c
@@ -824,19 +824,18 @@ static void fw_log_firmware_info(const struct firmware *fw, const char *name, st
    shash->tfm = alg;
if (crypto_shash_digest(shash, fw->data, fw->size, sha256buf) < 0)
-		goto out_shash;
+		goto out_free;
for (int i = 0; i < SHA256_DIGEST_SIZE; i++)
    	sprintf(&outbuf[i * 2], "%02x", sha256buf[i]);
    outbuf[SHA256_BLOCK_SIZE] = 0;
    dev_dbg(device, "Loaded FW: %s, sha256: %s\n", name, outbuf);
-out_shash:
-	crypto_free_shash(alg);
 out_free:
    kfree(shash);
    kfree(outbuf);
    kfree(sha256buf);
+	crypto_free_shash(alg);
 }
 #else
 static void fw_log_firmware_info(const struct firmware *fw, const char *name,
-- 
2.22.0


    