Commit 52ef2fac authored by Gaosheng Cui's avatar Gaosheng Cui Committed by dinglongwei
Browse files

firmware_loader: Fix possible resource leak in fw_log_firmware_info() 

stable inclusion
from stable-v6.6.64
commit 789a72498d32f88d24371c10985aceb46397056c
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBEAFY
CVE: CVE-2024-53202

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=789a72498d32f88d24371c10985aceb46397056c



--------------------------------

firmware_loader: Fix possible resource leak in fw_log_firmware_info()

[ Upstream commit 369a9c046c2fdfe037f05b43b84c386bdbccc103 ]

The alg instance should be released under the exception path, otherwise
there may be resource leak here.

To mitigate this, free the alg instance with crypto_free_shash when kmalloc
fails.

Fixes: 02fe26f2 ("firmware_loader: Add debug message with checksum for FW file")
Signed-off-by: default avatarGaosheng Cui <cuigaosheng1@huawei.com>
Reviewed-by: default avatarAmadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Reviewed-by: default avatarRuss Weight <russ.weight@linux.dev>
Link: https://lore.kernel.org/r/20241016110335.3677924-1-cuigaosheng1@huawei.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatardinglongwei <dinglongwei1@huawei.com>
parent 8fc66242

drivers/base/firmware_loader/main.c

+2 −3
Original line number Diff line number Diff line
@@ -824,19 +824,18 @@ static void fw_log_firmware_info(const struct firmware *fw, const char *name, st 
	shash->tfm = alg;



	if (crypto_shash_digest(shash, fw->data, fw->size, sha256buf) < 0)

		goto out_shash;

		goto out_free;



	for (int i = 0; i < SHA256_DIGEST_SIZE; i++)

		sprintf(&outbuf[i * 2], "%02x", sha256buf[i]);

	outbuf[SHA256_BLOCK_SIZE] = 0;

	dev_dbg(device, "Loaded FW: %s, sha256: %s\n", name, outbuf);



out_shash:

	crypto_free_shash(alg);

out_free:

	kfree(shash);

	kfree(outbuf);

	kfree(sha256buf);

	crypto_free_shash(alg);

}

#else

static void fw_log_firmware_info(const struct firmware *fw, const char *name,