tmp_buffer is allocated using malloc but failure is not handled. This commit ensures that we do not use a NULL pointer if malloc fails.
Signed-off-by: Francois Berder <[email protected]> --- drivers/crypto/aes/aes-uclass.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/aes/aes-uclass.c b/drivers/crypto/aes/aes-uclass.c index 745c6ce57a9..5bdd3d736c4 100644 --- a/drivers/crypto/aes/aes-uclass.c +++ b/drivers/crypto/aes/aes-uclass.c @@ -156,13 +156,17 @@ int dm_aes_cmac(struct udevice *dev, u8 *src, u8 *dst, u32 num_aes_blocks) /* Process all blocks except last by calling engine several times per dma buffer size */ if (num_aes_blocks > 1) { tmp_buffer = malloc(AES_BLOCK_LENGTH * min(num_aes_blocks - 1, TMP_BUFFER_LEN)); + if (!tmp_buffer) + return -1; while (num_aes_blocks > 1) { u32 blocks = min(num_aes_blocks - 1, TMP_BUFFER_LEN); /* Encrypt the current remaining set of blocks that fits in tmp buffer */ ret = dm_aes_cbc_encrypt(dev, tmp_block, src, tmp_buffer, blocks); - if (ret) + if (ret) { + free(tmp_buffer); return -1; + } num_aes_blocks -= blocks; src += blocks * AES_BLOCK_LENGTH; -- 2.43.0
