commit cb69f36ba1f8d5e73c46538e84a88178fb17f23d
author Kees Cook <keescook@chromium.org> Tue Aug 13 15:02:27 2013 -0700
committer Tyler Hicks <tyhicks@canonical.com> Fri Sep 06 16:58:18 2013 -0700
tree df95c5e4d7c9697d22d21653571cc2f5960b5256
parent e6cbd6a44d8e263073808da9f295e502d15dc3fe

ecryptfs: avoid ctx initialization race

It might be possible for two callers to race the mutex lock after the
NULL ctx check. Instead, move the lock above the check so there isn't
the possibility of leaking a crypto ctx. Additionally, report the full
algo name when failing.

Signed-off-by: Kees Cook <keescook@chromium.org>
[tyhicks: remove out label, which is no longer used]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>

fs/ecryptfs/crypto.c

diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 3bd35e2..c88e355 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -614,30 +614,30 @@
 			"key_size_bits = [%zd]\n",
 			crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
 			crypt_stat->key_size << 3);
+	mutex_lock(&crypt_stat->cs_tfm_mutex);
 	if (crypt_stat->tfm) {
 		rc = 0;
-		goto out;
+		goto out_unlock;
 	}
-	mutex_lock(&crypt_stat->cs_tfm_mutex);
 	rc = ecryptfs_crypto_api_algify_cipher_name(&full_alg_name,
 						    crypt_stat->cipher, "cbc");
 	if (rc)
 		goto out_unlock;
 	crypt_stat->tfm = crypto_alloc_ablkcipher(full_alg_name, 0, 0);
-	kfree(full_alg_name);
 	if (IS_ERR(crypt_stat->tfm)) {
 		rc = PTR_ERR(crypt_stat->tfm);
 		crypt_stat->tfm = NULL;
 		ecryptfs_printk(KERN_ERR, "cryptfs: init_crypt_ctx(): "
 				"Error initializing cipher [%s]\n",
-				crypt_stat->cipher);
-		goto out_unlock;
+				full_alg_name);
+		goto out_free;
 	}
 	crypto_ablkcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY);
 	rc = 0;
+out_free:
+	kfree(full_alg_name);
 out_unlock:
 	mutex_unlock(&crypt_stat->cs_tfm_mutex);
-out:
 	return rc;
 }