board: fsl_validate: Fix resource leak issue Free dynamically allocated memory before every return statement in calc_img_key_hash() and calc_esbchdr_esbc_hash() function. Verified the secure boot changes using ls1046afrwy board. Signed-off-by: Kshitiz Varshney <kshitiz.varshney@nxp.com> Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>

commit: 295e07deb4f934d2723415a316eb6c00d4447cab [log] [tgz]
author: Kshitiz Varshney <kshitiz.varshney@nxp.com> Sun Aug 01 14:31:45 2021 +0200
committer: Priyanka Jain <priyanka.jain@nxp.com> Wed Aug 18 15:55:15 2021 +0530
tree: ce78a1d99075c5811ce0c0ef86176f714b05f935
parent: a1fe568d2e5875d62526785f33c689a9676e2124 [diff]
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index 066aa9a..c90afe2 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0+
 /*
  * Copyright 2015 Freescale Semiconductor, Inc.
+ * Copyright 2021 NXP
  */
 
 #include <common.h>
@@ -498,8 +499,11 @@
 		return ret;
 
 	ret = algo->hash_init(algo, &ctx);
-	if (ret)
+	if (ret) {
+		if (ctx)
+			free(ctx);
 		return ret;
+	}
 
 	/* Update hash for ESBC key */
 #ifdef CONFIG_KEY_REVOCATION
@@ -518,8 +522,11 @@
 
 	/* Copy hash at destination buffer */
 	ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size);
-	if (ret)
+	if (ret) {
+		if (ctx)
+			free(ctx);
 		return ret;
+	}
 
 	for (i = 0; i < SHA256_BYTES; i++)
 		img->img_key_hash[i] = hash_val[i];
@@ -547,14 +554,18 @@
 
 	ret = algo->hash_init(algo, &ctx);
 	/* Copy hash at destination buffer */
-	if (ret)
+	if (ret) {
+		free(ctx);
 		return ret;
+	}
 
 	/* Update hash for CSF Header */
 	ret = algo->hash_update(algo, ctx,
 		(u8 *)&img->hdr, sizeof(struct fsl_secboot_img_hdr), 0);
-	if (ret)
+	if (ret) {
+		free(ctx);
 		return ret;
+	}
 
 	/* Update the hash with that of srk table if srk flag is 1
 	 * If IE Table is selected, key is not added in the hash
@@ -581,22 +592,29 @@
 		key_hash = 1;
 	}
 #endif
-	if (ret)
+	if (ret) {
+		free(ctx);
 		return ret;
-	if (!key_hash)
+	}
+	if (!key_hash) {
+		free(ctx);
 		return ERROR_KEY_TABLE_NOT_FOUND;
+	}
 
 	/* Update hash for actual Image */
 	ret = algo->hash_update(algo, ctx,
 		(u8 *)(*(img->img_addr_ptr)), img->img_size, 1);
-	if (ret)
+	if (ret) {
+		free(ctx);
 		return ret;
+	}
 
 	/* Copy hash at destination buffer */
 	ret = algo->hash_finish(algo, ctx, hash_val, algo->digest_size);
-	if (ret)
+	if (ret) {
+		free(ctx);
 		return ret;
-
+	}
 	return 0;
 }
commit	295e07deb4f934d2723415a316eb6c00d4447cab	[log] [tgz]
author	Kshitiz Varshney <kshitiz.varshney@nxp.com>	Sun Aug 01 14:31:45 2021 +0200
committer	Priyanka Jain <priyanka.jain@nxp.com>	Wed Aug 18 15:55:15 2021 +0530
tree	ce78a1d99075c5811ce0c0ef86176f714b05f935
parent	a1fe568d2e5875d62526785f33c689a9676e2124 [diff]