[PATCH v3] crypto/algapi: fix refcount leak in crypto_register_alg()

Next message: Michal Simek: "Re: [RFC] drivers/staging/axis-fifo: Looking for users"
Previous message: Andy Shevchenko: "[PATCH v1 1/1] drm/amd/display: Use %*ph to print small buffer"
Next in thread: Herbert Xu: "Re: [PATCH v3] crypto/algapi: fix refcount leak in crypto_register_alg()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Wentao Liang

Date: Wed Jun 03 2026 - 04:24:57 EST

When crypto_register_alg() calls crypto_check_alg() successfully,
the algorithm's refcount is set to one. If the subsequent handling
for CRYPTO_ALG_DUP_FIRST fails with ENOMEM due to a kmemdup()
error, the function returns without decrementing the refcount.
This leaves the algorithm forever pinned with a leaked reference.

Fix it by calling crypto_alg_put() on the kmemdup() failure path,
matching the error handling used elsewhere in the function.

Cc: stable@xxxxxxxxxxxxxxx
Fixes: f1440a90465b ("crypto: api - Add support for duplicating algorithms before registration")
Signed-off-by: Wentao Liang <vulab@xxxxxxxxxxx>

---
Changes in v2:
- Clarify the refcount lifecycle.
- Fix code error.
---
crypto/algapi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/algapi.c b/crypto/algapi.c
index 37de377719ae..260d03b328ec 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -446,8 +446,10 @@ int crypto_register_alg(struct crypto_alg *alg)
u8 *p = (u8 *)alg - algsize;

p = kmemdup(p, algsize + sizeof(*alg), GFP_KERNEL);
- if (!p)
+ if (!p) {
+ crypto_alg_put(alg);
return -ENOMEM;
+ }

alg = (void *)(p + algsize);
alg->cra_destroy = crypto_free_alg;
--
2.34.1