PKCS#7: Fix the parser cleanup to drain parsed out X.509 certs

Fix the parser cleanup code to drain parsed out X.509 certs in the case that
the decode fails and we jump to error_decode.

The function is rearranged so that the same cleanup code is used in the success
case as the error case - just that the message descriptor under construction is
only released if it is still pointed to by the context struct at that point.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
This commit is contained in:
David Howells 2014-09-16 17:29:03 +01:00
parent 3cd0920cde
commit cecf5d2e12

View File

@ -81,47 +81,46 @@ EXPORT_SYMBOL_GPL(pkcs7_free_message);
struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen) struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
{ {
struct pkcs7_parse_context *ctx; struct pkcs7_parse_context *ctx;
struct pkcs7_message *msg; struct pkcs7_message *msg = ERR_PTR(-ENOMEM);
long ret; int ret;
ret = -ENOMEM;
msg = kzalloc(sizeof(struct pkcs7_message), GFP_KERNEL);
if (!msg)
goto error_no_sig;
ctx = kzalloc(sizeof(struct pkcs7_parse_context), GFP_KERNEL); ctx = kzalloc(sizeof(struct pkcs7_parse_context), GFP_KERNEL);
if (!ctx) if (!ctx)
goto error_no_ctx; goto out_no_ctx;
ctx->msg = kzalloc(sizeof(struct pkcs7_message), GFP_KERNEL);
if (!ctx->msg)
goto out_no_msg;
ctx->sinfo = kzalloc(sizeof(struct pkcs7_signed_info), GFP_KERNEL); ctx->sinfo = kzalloc(sizeof(struct pkcs7_signed_info), GFP_KERNEL);
if (!ctx->sinfo) if (!ctx->sinfo)
goto error_no_sinfo; goto out_no_sinfo;
ctx->msg = msg;
ctx->data = (unsigned long)data; ctx->data = (unsigned long)data;
ctx->ppcerts = &ctx->certs; ctx->ppcerts = &ctx->certs;
ctx->ppsinfo = &ctx->msg->signed_infos; ctx->ppsinfo = &ctx->msg->signed_infos;
/* Attempt to decode the signature */ /* Attempt to decode the signature */
ret = asn1_ber_decoder(&pkcs7_decoder, ctx, data, datalen); ret = asn1_ber_decoder(&pkcs7_decoder, ctx, data, datalen);
if (ret < 0) if (ret < 0) {
goto error_decode; msg = ERR_PTR(ret);
goto out;
}
msg = ctx->msg;
ctx->msg = NULL;
out:
while (ctx->certs) { while (ctx->certs) {
struct x509_certificate *cert = ctx->certs; struct x509_certificate *cert = ctx->certs;
ctx->certs = cert->next; ctx->certs = cert->next;
x509_free_certificate(cert); x509_free_certificate(cert);
} }
pkcs7_free_signed_info(ctx->sinfo); pkcs7_free_signed_info(ctx->sinfo);
out_no_sinfo:
pkcs7_free_message(ctx->msg);
out_no_msg:
kfree(ctx); kfree(ctx);
out_no_ctx:
return msg; return msg;
error_decode:
pkcs7_free_signed_info(ctx->sinfo);
error_no_sinfo:
kfree(ctx);
error_no_ctx:
pkcs7_free_message(msg);
error_no_sig:
return ERR_PTR(ret);
} }
EXPORT_SYMBOL_GPL(pkcs7_parse_message); EXPORT_SYMBOL_GPL(pkcs7_parse_message);