diff options
| author | Gunnar Kudrjavets <gunnarku@amazon.com> | 2026-04-08 12:00:27 +0300 |
|---|---|---|
| committer | Jarkko Sakkinen <jarkko@kernel.org> | 2026-04-21 18:54:28 +0300 |
| commit | 666c1a2ca603d8314231200bf8bbb3a81bd64c6b (patch) | |
| tree | 6b7e2d5c415b5454c9a7f11803e5fefac7de1d2b /include/trace | |
| parent | bb7a4e3b5f96d75756dab6459f073d4b2eedc7a0 (diff) | |
tpm: Fix auth session leak in tpm2_get_random() error path
When tpm_buf_fill_hmac_session() fails inside the do-while loop in
tpm2_get_random(), the function returns directly after destroying the
buffer, without ending the auth session via tpm2_end_auth_session().
This leaks the TPM auth session resource. All other error paths within
the loop correctly reach the 'out' label which calls both
tpm_buf_destroy() and tpm2_end_auth_session().
Fix this by replacing the early return with a goto to the existing 'out'
label, which already handles both cleanup operations. The redundant
tpm_buf_destroy() call is removed since 'out' takes care of it.
Cc: stable@vger.kernel.org # v6.19+
Fixes: 6e9722e9a7bf ("tpm2-sessions: Fix out of range indexing in name_size")
Signed-off-by: Gunnar Kudrjavets <gunnarku@amazon.com>
Reviewed-by: Justinien Bouron <jbouron@amazon.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'include/trace')
0 files changed, 0 insertions, 0 deletions