PKCS#7: Fix the parser cleanup to drain parsed out X.509 certs
Fix the parser cleanup code to drain parsed out X.509 certs in the case that the decode fails and we jump to error_decode. The function is rearranged so that the same cleanup code is used in the success case as the error case - just that the message descriptor under construction is only released if it is still pointed to by the context struct at that point. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com>
This commit is contained in:
parent
3cd0920cde
commit
cecf5d2e12
@ -81,47 +81,46 @@ EXPORT_SYMBOL_GPL(pkcs7_free_message);
|
|||||||
struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
|
struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
|
||||||
{
|
{
|
||||||
struct pkcs7_parse_context *ctx;
|
struct pkcs7_parse_context *ctx;
|
||||||
struct pkcs7_message *msg;
|
struct pkcs7_message *msg = ERR_PTR(-ENOMEM);
|
||||||
long ret;
|
int ret;
|
||||||
|
|
||||||
ret = -ENOMEM;
|
|
||||||
msg = kzalloc(sizeof(struct pkcs7_message), GFP_KERNEL);
|
|
||||||
if (!msg)
|
|
||||||
goto error_no_sig;
|
|
||||||
ctx = kzalloc(sizeof(struct pkcs7_parse_context), GFP_KERNEL);
|
ctx = kzalloc(sizeof(struct pkcs7_parse_context), GFP_KERNEL);
|
||||||
if (!ctx)
|
if (!ctx)
|
||||||
goto error_no_ctx;
|
goto out_no_ctx;
|
||||||
|
ctx->msg = kzalloc(sizeof(struct pkcs7_message), GFP_KERNEL);
|
||||||
|
if (!ctx->msg)
|
||||||
|
goto out_no_msg;
|
||||||
ctx->sinfo = kzalloc(sizeof(struct pkcs7_signed_info), GFP_KERNEL);
|
ctx->sinfo = kzalloc(sizeof(struct pkcs7_signed_info), GFP_KERNEL);
|
||||||
if (!ctx->sinfo)
|
if (!ctx->sinfo)
|
||||||
goto error_no_sinfo;
|
goto out_no_sinfo;
|
||||||
|
|
||||||
ctx->msg = msg;
|
|
||||||
ctx->data = (unsigned long)data;
|
ctx->data = (unsigned long)data;
|
||||||
ctx->ppcerts = &ctx->certs;
|
ctx->ppcerts = &ctx->certs;
|
||||||
ctx->ppsinfo = &ctx->msg->signed_infos;
|
ctx->ppsinfo = &ctx->msg->signed_infos;
|
||||||
|
|
||||||
/* Attempt to decode the signature */
|
/* Attempt to decode the signature */
|
||||||
ret = asn1_ber_decoder(&pkcs7_decoder, ctx, data, datalen);
|
ret = asn1_ber_decoder(&pkcs7_decoder, ctx, data, datalen);
|
||||||
if (ret < 0)
|
if (ret < 0) {
|
||||||
goto error_decode;
|
msg = ERR_PTR(ret);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
msg = ctx->msg;
|
||||||
|
ctx->msg = NULL;
|
||||||
|
|
||||||
|
out:
|
||||||
while (ctx->certs) {
|
while (ctx->certs) {
|
||||||
struct x509_certificate *cert = ctx->certs;
|
struct x509_certificate *cert = ctx->certs;
|
||||||
ctx->certs = cert->next;
|
ctx->certs = cert->next;
|
||||||
x509_free_certificate(cert);
|
x509_free_certificate(cert);
|
||||||
}
|
}
|
||||||
pkcs7_free_signed_info(ctx->sinfo);
|
pkcs7_free_signed_info(ctx->sinfo);
|
||||||
|
out_no_sinfo:
|
||||||
|
pkcs7_free_message(ctx->msg);
|
||||||
|
out_no_msg:
|
||||||
kfree(ctx);
|
kfree(ctx);
|
||||||
|
out_no_ctx:
|
||||||
return msg;
|
return msg;
|
||||||
|
|
||||||
error_decode:
|
|
||||||
pkcs7_free_signed_info(ctx->sinfo);
|
|
||||||
error_no_sinfo:
|
|
||||||
kfree(ctx);
|
|
||||||
error_no_ctx:
|
|
||||||
pkcs7_free_message(msg);
|
|
||||||
error_no_sig:
|
|
||||||
return ERR_PTR(ret);
|
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(pkcs7_parse_message);
|
EXPORT_SYMBOL_GPL(pkcs7_parse_message);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user