dm crypt: fix free of bad values after tfm allocation failure

[ Upstream commit 5d0be84ec0cacfc7a6d6ea548afdd07d481324cd ] If crypt_alloc_tfms() had to allocate multiple tfms and it failed before the last allocation, then it would call crypt_free_tfms() and could free pointers from uninitialized memory -- due to the crypt_free_tfms() check for non-zero cc->tfms[i]. Fix by allocating zeroed memory. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
author: Eric Biggers <ebiggers@google.com> 2016-08-30 09:51:44 -0700
committer: Sasha Levin <alexander.levin@verizon.com> 2016-09-15 18:53:30 -0400
commit: e1857183b9f00bc4aef95794a5215b386d540f33 (patch)
tree: 8ea5bd1dbde26dc47cd991c44b7bb5469265b924
parent: af26eb1cc0535f5c59ef6241bb4f305c846b22d5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index b6557bda825c..ce507a405d05 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -1433,7 +1433,7 @@ static int crypt_alloc_tfms(struct crypt_config *cc, char *ciphermode)
 	unsigned i;
 	int err;
 
-	cc->tfms = kmalloc(cc->tfms_count * sizeof(struct crypto_ablkcipher *),
+	cc->tfms = kzalloc(cc->tfms_count * sizeof(struct crypto_ablkcipher *),
 			   GFP_KERNEL);
 	if (!cc->tfms)
 		return -ENOMEM;
author	Eric Biggers <ebiggers@google.com>	2016-08-30 09:51:44 -0700
committer	Sasha Levin <alexander.levin@verizon.com>	2016-09-15 18:53:30 -0400
commit	e1857183b9f00bc4aef95794a5215b386d540f33 (patch)
tree	8ea5bd1dbde26dc47cd991c44b7bb5469265b924
parent	af26eb1cc0535f5c59ef6241bb4f305c846b22d5 (diff)