libceph: fix crypto key null deref, memory leak

Avoid crashing if the crypto key payload was NULL, as when it was not correctly
allocated and initialized.  Also, avoid leaking it.

Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Alex Elder <elder@inktank.com>

diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index b780cb7947ddd29f6ae23b11f3b030d22686beda..9da7fdd3cd8ae85b23050f2bf35abf5db1054b37 100644 (file)
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -466,6 +466,7 @@ void ceph_key_destroy(struct key *key) {
        struct ceph_crypto_key *ckey = key->payload.data;
 
        ceph_crypto_key_destroy(ckey);
+       kfree(ckey);
 }
 
 struct key_type key_type_ceph = {

diff --git a/net/ceph/crypto.h b/net/ceph/crypto.h
index 1919d1550d75ad8793f9b84f8fa63a46b900c4d4..3572dc518bc984aece38fb8bd9f8cbe7b1b5c239 100644 (file)
--- a/net/ceph/crypto.h
+++ b/net/ceph/crypto.h
@@ -16,7 +16,8 @@ struct ceph_crypto_key {
 
 static inline void ceph_crypto_key_destroy(struct ceph_crypto_key *key)
 {
-       kfree(key->key);
+       if (key)
+               kfree(key->key);
 }
 
 extern int ceph_crypto_key_clone(struct ceph_crypto_key *dst,