Date: Fri, 2 Jun 2023 14:45:42 +0200
From: Roland Hieber
To: Ahmad Fatoum
Cc: oss-tools@pengutronix.de
Subject: Re: [OSS-Tools] [PATCH 5/5] barebox-state: fix use after free in error path
Message-ID: <20230602124542.eipoox2yjbp5aona@pengutronix.de>
In-Reply-To: <20230531151015.1404262-5-a.fatoum@pengutronix.de>
References: <20230531151015.1404262-1-a.fatoum@pengutronix.de> <20230531151015.1404262-5-a.fatoum@pengutronix.de>

For the whole series:

Reviewed-by: Roland Hieber

On Wed, May 31, 2023 at 05:10:15PM +0200, Ahmad Fatoum wrote:
> blob_bin is freed a few lines above unconditionally, so freeing it
> again in the error path will cause a double free.
>
> Signed-off-by: Ahmad Fatoum
> --- > src/keystore-blob.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/src/keystore-blob.c b/src/keystore-blob.c > index ed6ecb4eaa25..8ec07f0a3d56 100644 > --- a/src/keystore-blob.c > +++ b/src/keystore-blob.c > @@ -81,10 +81,8 @@ int keystore_get_secret(const char *name, const unsigned char **key, int *key_le > > /* payload */ > fd = open(blob_gen_payload, O_RDONLY); > - if (fd < 0) { > - free(blob_bin); > + if (fd < 0) > return -errno; > - } > > payload = xzalloc(len); > len = read(fd, payload, len); > -- > 2.39.2 > > >

-- 
Roland Hieber, Pengutronix e.K.          | r.hieber@pengutronix.de     |
Steuerwalder Str. 21                     | https://www.pengutronix.de/ |
31137 Hildesheim, Germany                | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686         | Fax: +49-5121-206917-5555   |
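Review bot: The subject says "use after free", but the defect removed from the `if (fd < 0)` branch in keystore_get_secret() is the second `free(blob_bin);`, which the commit message body itself calls a double free. The subject would be more accurate as "fix double free in error path", so the changelog and any later triage classify it correctly. The unconditional free that the message refers to lies above the hunk's context lines and cannot be checked from the patch alone. Naming the line or call where blob_bin is released would let a reader confirm that no other path reaches this `open()` with blob_bin still allocated. If blob_bin is used again later in the function, setting it to NULL right after that first free would make a repeated `free()` harmless.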