summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2019-11-10 13:37:20 +0100
committerDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2019-11-10 15:29:59 +0100
commit64255d88391b8a531f0d358e22bdf12c0c79cd5d (patch)
tree9a72b802fbbdb1498ba047be108f0d9edc9ea6c2
parent19333aa3648663893d190d9ce8c7e45724c1a3bd (diff)
mkfs.ubifs: don't leak temporary buffers
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
-rw-r--r--ubifs-utils/mkfs.ubifs/crypto.c9
-rw-r--r--ubifs-utils/mkfs.ubifs/fscrypt.c18
2 files changed, 21 insertions, 6 deletions
diff --git a/ubifs-utils/mkfs.ubifs/crypto.c b/ubifs-utils/mkfs.ubifs/crypto.c
index d31bd2a..19c445e 100644
--- a/ubifs-utils/mkfs.ubifs/crypto.c
+++ b/ubifs-utils/mkfs.ubifs/crypto.c
@@ -118,23 +118,26 @@ static ssize_t gen_essiv_salt(const void *iv, size_t iv_len, const void *key, si
cipher = EVP_aes_256_ecb();
if (!cipher) {
errmsg("OpenSSL: Cipher AES-256-ECB is not supported");
- return -1;
+ goto fail;
}
if (do_hash(EVP_sha256(), key, key_len, sha256) != 0) {
errmsg("sha256 failed");
- return -1;
+ goto fail;
}
ret = do_encrypt(cipher, iv, iv_len, sha256, EVP_MD_size(EVP_sha256()), NULL, 0, salt);
if (ret != iv_len) {
errmsg("Unable to compute ESSIV salt, return value %zi instead of %zi", ret, iv_len);
- return -1;
+ goto fail;
}
free(sha256);
return ret;
+fail:
+ free(sha256);
+ return -1;
}
static ssize_t encrypt_block(const void *plaintext, size_t size,
diff --git a/ubifs-utils/mkfs.ubifs/fscrypt.c b/ubifs-utils/mkfs.ubifs/fscrypt.c
index 118c11c..b75bdf7 100644
--- a/ubifs-utils/mkfs.ubifs/fscrypt.c
+++ b/ubifs-utils/mkfs.ubifs/fscrypt.c
@@ -106,13 +106,19 @@ int encrypt_path(void **outbuf, void *data, unsigned int data_len,
memcpy(inbuf, data, data_len);
crypt_key = calc_fscrypt_subkey(fctx);
- if (!crypt_key)
+ if (!crypt_key) {
+ free(inbuf);
+ free(*outbuf);
return err_msg("could not compute subkey");
+ }
ret = fscrypt_cipher->encrypt_fname(inbuf, cryptlen,
crypt_key, *outbuf);
- if (ret < 0)
+ if (ret < 0) {
+ free(inbuf);
+ free(*outbuf);
return err_msg("could not encrypt filename");
+ }
free(crypt_key);
free(inbuf);
@@ -133,13 +139,19 @@ int encrypt_data_node(struct fscrypt_context *fctx, unsigned int block_no,
memcpy(inbuf, &dn->data, length);
crypt_key = calc_fscrypt_subkey(fctx);
- if (!crypt_key)
+ if (!crypt_key) {
+ free(inbuf);
+ free(outbuf);
return err_msg("could not compute subkey");
+ }
ret = fscrypt_cipher->encrypt_block(inbuf, pad_len,
crypt_key, block_no,
outbuf);
if (ret != pad_len) {
+ free(inbuf);
+ free(outbuf);
+ free(crypt_key);
return err_msg("encrypt_block returned %zi "
"instead of %zi", ret, pad_len);
}