author | Jens Wiklander <jens.wiklander@linaro.org> | 2018-09-07 14:44:45 +0200 |
---|---|---|
committer | Jérôme Forissier <jerome.forissier@linaro.org> | 2018-09-07 16:40:16 +0200 |
commit | d7a893d3c04b8a94d54bb0b44adcd03b196b174b (patch) | |
tree | bf29119e94521359797c88f84648e9f393e0dd9b /core/tee | |
parent | eecd6bd232cf55fe8c093d3336b696118a871fd1 (diff) |
core: fix tee_tadb_ta_create() panic
Fixes a panic triggered in tee_tadb_ta_create(). Before this patch
tee_tadb_ta_create() was calling tadb_put() if tee_tadb_open() failed.
This is incorrect as the reference counter hasn't been increased then.
This patch fixes that by only calling tadb_put() once tee_tadb_open()
has succeeded.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Diffstat (limited to 'core/tee')
-rw-r--r-- | core/tee/tadb.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/core/tee/tadb.c b/core/tee/tadb.c
index c7b625df..5b7f2407 100644
--- a/core/tee/tadb.c
+++ b/core/tee/tadb.c
@@ -391,7 +391,7 @@ TEE_Result tee_tadb_ta_create(const struct tee_tadb_property *property,
 res = tee_tadb_open(&ta->db);
 if (res)
- goto err;
+ goto err_free;
 mutex_lock(&tadb_mutex);
@@ -420,20 +420,20 @@ TEE_Result tee_tadb_ta_create(const struct tee_tadb_property *property,
 res = crypto_rng_read(ta->entry.iv, sizeof(ta->entry.iv));
 if (res)
- goto err;
+ goto err_put;
 res = crypto_rng_read(ta->entry.key, sizeof(ta->entry.key));
 if (res)
- goto err;
+ goto err_put;
 res = ta_operation_open(OPTEE_MRF_CREATE, ta->entry.file_number,
 &ta->fd);
 if (res)
- goto err;
+ goto err_put;
 res = tadb_authenc_init(TEE_MODE_ENCRYPT, &ta->entry, &ta->ctx);
 if (res)
- goto err;
+ goto err_put;
 *ta_ret = ta;
@@ -441,8 +441,9 @@ TEE_Result tee_tadb_ta_create(const struct tee_tadb_property *property,
 err_mutex:
 mutex_unlock(&tadb_mutex);
-err:
+err_put:
 tadb_put(ta->db);
+err_free:
 free(ta);
 return res; |
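Review bot: When `tadb_authenc_init()` fails, the new `goto err_put;` leaves the handle that `ta_operation_open(OPTEE_MRF_CREATE, ...)` has just stored in `ta->fd` unreleased, because the `err_put`/`err_free` labels in the last hunk only call `tadb_put(ta->db)` and `free(ta)`. Unless that handle is reclaimed somewhere outside these hunks, each such failure leaks it and may leave behind a newly created file that the database never references. I would give this last branch its own target, `goto err_close;`, with an `err_close:` label placed above `err_put:` that calls the close/remove counterpart of `ta_operation_open()`. The body of tee_tadb_ta_create() starts and ends outside the hunk, so this should be checked against the full function.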
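Review bot: `free(ta);` under `err_free:` releases the structure while `ta->entry.key` and `ta->entry.iv` may still hold the values `crypto_rng_read()` produced in the previous hunk, so freshly generated key material stays in freed heap memory on every `err_put` exit taken after the key was read. The entry appears never to be committed on these paths, so the exposure is limited, but clearing it is cheap. Add `wipe(ta->entry.key, sizeof(ta->entry.key));` just before `free(ta);`, where `wipe` is a placeholder for whichever zeroing helper in the tree the compiler cannot elide. A short comment above the labels, `/* labels fall through: unlock, drop db reference, free */`, would also document the ordering this fix depends on.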