[v2,5/5] linux-gen: ipsec: fix SA leak in SA creation

Message ID	1517238014-22220-6-git-send-email-odpbot@yandex.ru
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; From: Github ODP bot <odpbot@yandex.ru> To: lng-odp@lists.linaro.org Date: Mon, 29 Jan 2018 18:00:14 +0300 Message-Id: <1517238014-22220-6-git-send-email-odpbot@yandex.ru> In-Reply-To: <1517238014-22220-1-git-send-email-odpbot@yandex.ru> References: <1517238014-22220-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 427 Subject: [lng-odp] [PATCH v2 5/5] linux-gen: ipsec: fix SA leak in SA creation Precedence: list Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" <lng-odp-bounces@lists.linaro.org>
Series	[v2,1/5] linux-gen: ipsec: disallow using SAs while they are being created \| expand [v2,1/5] linux-gen: ipsec: disallow using SAs while they are being created [v2,2/5] linux-gen: ipsec: fix SA leak in odp_ipsec_sa_create [v2,3/5] linux-gen: ipsec: fix SA leak in lookup case [v2,4/5] linux-gen: ipsec: prevent sa_lookup from matching outbound SAs [v2,5/5] linux-gen: ipsec: fix SA leak in SA creation

Message ID

1517238014-22220-6-git-send-email-odpbot@yandex.ru

State

New

Headers

Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org
	designates 54.197.127.237 as permitted sender)
	client-ip=54.197.127.237; 
From: Github ODP bot <odpbot@yandex.ru>
To: lng-odp@lists.linaro.org
Date: Mon, 29 Jan 2018 18:00:14 +0300
Message-Id: <1517238014-22220-6-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1517238014-22220-1-git-send-email-odpbot@yandex.ru>
References: <1517238014-22220-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 427
Subject: [lng-odp] [PATCH v2 5/5] linux-gen: ipsec: fix SA leak in SA
	creation
Precedence: list
Errors-To: lng-odp-bounces@lists.linaro.org
Sender: "lng-odp" <lng-odp-bounces@lists.linaro.org>

Series

[v2,1/5] linux-gen: ipsec: disallow using SAs while they are being created | expand

Commit Message

Github ODP bot Jan. 29, 2018, 3 p.m. UTC

From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


odp_ipsec_sa_create can leave SA locked if one asks for
ODP_AUTH_AES_GMAC with non-NULL encryption. Unlock SA in error path.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 427 (lumag:ipsec-fix-sad)
 ** https://github.com/Linaro/odp/pull/427
 ** Patch: https://github.com/Linaro/odp/pull/427.patch
 ** Base sha: 27480d82bd93a881ae683a3c314c11042a68ce29
 ** Merge commit sha: 67c9dbf28c41ea7a53782ba841276b03f154c4ef
 **/
 platform/linux-generic/odp_ipsec_sad.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index 2af72bbb5..60d9b8fe7 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -416,7 +416,7 @@  odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 		break;
 	case ODP_AUTH_ALG_AES_GMAC:
 		if (ODP_CIPHER_ALG_NULL != crypto_param.cipher_alg)
-			return ODP_IPSEC_SA_INVALID;
+			goto error;
 		ipsec_sa->use_counter_iv = 1;
 		ipsec_sa->esp_iv_len = 8;
 		ipsec_sa->esp_block_len = 16;