[PATCH] crypto/algapi: fix refcount leak in crypto_register_alg()

Wentao Liang posted 1 patch 5 days, 2 hours ago
There is a newer version of this series
crypto/algapi.c | 1 +
1 file changed, 1 insertion(+)
[PATCH] crypto/algapi: fix refcount leak in crypto_register_alg()
Posted by Wentao Liang 5 days, 2 hours ago
In crypto_register_alg(), if the algorithm registration fails after
a successful crypto_alg_get() on the template algorithm, the acquired
reference is never released. This can occur when the new algorithm is
not allowed to be registered due to a constraint check failure.

Fix the leak by adding a corresponding crypto_alg_put() call in the
error path before returning.

Cc: stable@vger.kernel.org
Fixes: f1440a90465b ("crypto: api - Add support for duplicating algorithms before registration")
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
---
 crypto/algapi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/algapi.c b/crypto/algapi.c
index 37de377719ae..b0e4b13131c3 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -447,6 +447,7 @@ int crypto_register_alg(struct crypto_alg *alg)
 
 		p = kmemdup(p, algsize + sizeof(*alg), GFP_KERNEL);
 		if (!p)
+			crypto_alg_put(alg);
 			return -ENOMEM;
 
 		alg = (void *)(p + algsize);
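Review bot: The added crypto_alg_put(alg) line sits under an unbraced `if (!p)`, so it becomes the only statement the condition controls and `return -ENOMEM;` now runs unconditionally. As a result the function returns -ENOMEM even when kmemdup() succeeds, the copy in `p` is never used or freed, and `alg = (void *)(p + algsize);` becomes unreachable. Put both statements in a braced block, `if (!p) { crypto_alg_put(alg); return -ENOMEM; }`, so the put and the return happen only on allocation failure.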
-- 
2.34.1
Re: [PATCH] crypto/algapi: fix refcount leak in crypto_register_alg()
Posted by Herbert Xu 5 days, 2 hours ago
On Wed, Jun 03, 2026 at 02:41:19AM +0000, Wentao Liang wrote:
> In crypto_register_alg(), if the algorithm registration fails after
> a successful crypto_alg_get() on the template algorithm, the acquired
> reference is never released. This can occur when the new algorithm is
> not allowed to be registered due to a constraint check failure.
> 
> Fix the leak by adding a corresponding crypto_alg_put() call in the
> error path before returning.
> 
> Cc: stable@vger.kernel.org
> Fixes: f1440a90465b ("crypto: api - Add support for duplicating algorithms before registration")
> Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
> ---
>  crypto/algapi.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/crypto/algapi.c b/crypto/algapi.c
> index 37de377719ae..b0e4b13131c3 100644
> --- a/crypto/algapi.c
> +++ b/crypto/algapi.c
> @@ -447,6 +447,7 @@ int crypto_register_alg(struct crypto_alg *alg)
>  
>  		p = kmemdup(p, algsize + sizeof(*alg), GFP_KERNEL);
>  		if (!p)
> +			crypto_alg_put(alg);
>  			return -ENOMEM;
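Review bot: The put is added on the kmemdup() failure branch, while the changelog describes a registration that fails a constraint check after a crypto_alg_get() on a template algorithm, and no crypto_alg_get() appears in the hunk's context. The changelog should name the call that takes the reference being dropped here and explain why `alg`, the function's own argument, holds it at this point. Without that, the new crypto_alg_put(alg) may drop a reference this function never acquired.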

Where is this reference count coming from?
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt