From: Navid Emamdoost <navid.emamdoost@gmail.com>

Date: Thu, 19 Sep 2019 11:04:48 -0500

Subject: crypto: ccp - Release all allocated memory if sha type is invalid

Git-commit: 128c66429247add5128c03dc1e144ca56f05a4e2

Patch-mainline: v5.5-rc1

References: bsc#1156259 CVE-2019-18808

Release all allocated memory if sha type is invalid:

In ccp_run_sha_cmd, if the type of sha is invalid, the allocated

hmac_buf should be released.

v2: fix the goto.

Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>

Acked-by: Gary R Hook <gary.hook@amd.com>

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Acked-by: Borislav Petkov <bp@suse.de>

---

 drivers/crypto/ccp/ccp-ops.c | 3 ++-

 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c

index c8da8eb160da..422193690fd4 100644

--- a/drivers/crypto/ccp/ccp-ops.c

+++ b/drivers/crypto/ccp/ccp-ops.c

@@ -1777,8 +1777,9 @@ ccp_run_sha_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd)

 			       LSB_ITEM_SIZE);

 			break;

 		default:

+			kfree(hmac_buf);

 			ret = -EINVAL;

-			goto e_ctx;

+			goto e_data;

 		}

 		memset(&hmac_cmd, 0, sizeof(hmac_cmd));