Jakub Kicinski <kuba@xxxxxxxxxx> wrote: > On Mon, 7 Apr 2025 17:11:19 +0100 David Howells wrote: > > + aead = crypto_krb5_prepare_encryption(krb5, &TK, RXGK_CLIENT_ENC_RESPONSE, gfp); > > + if (IS_ERR(aead)) > > + goto aead_error; > > + gk->resp_enc = aead; > > + > > + if (crypto_aead_blocksize(gk->resp_enc) != krb5->block_len || > > + crypto_aead_authsize(gk->resp_enc) != krb5->cksum_len) { > > + pr_notice("algo inconsistent with krb5 table %u!=%u or %u!=%u\n", > > + crypto_aead_blocksize(gk->resp_enc), krb5->block_len, > > + crypto_aead_authsize(gk->resp_enc), krb5->cksum_len); > > + return -EINVAL; > > kfree_sensitive(buffer); missing? Good catch, thanks. That path should never trigger, but it should really do "ret = -EINVAL; goto out;". Do you want me to respin the patches or follow up with a fix patch? David
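Review bot: the `return -EINVAL;` that ends the blocksize/authsize consistency check leaves the function directly, whereas the `IS_ERR(aead)` check just above it jumps to `aead_error`. As the quoted review points out, this early return skips `kfree_sensitive(buffer)`, so on this path the buffer is neither freed nor zeroed. Replacing it with `ret = -EINVAL; goto out;`, as the reply proposes, sends this branch through the common exit and keeps the sensitive-buffer cleanup in one place, even if the mismatch is never expected to occur.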