From d116000784cc37dddd6b6d2aba04da85532cf85c Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Wed, 30 Sep 2009 01:11:24 +0200
Subject: [PATCH] pknock: fix return values and memleak in has_secret

First, there is a memory leak - when the crypto functions fail, hexresult was not freed. Second, in that error case, the return value is simply passed up to the caller, ignoring the different meanings of 0 and 1 between crypto and pknock.
---
 extensions/xt_pknock.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/extensions/xt_pknock.c b/extensions/xt_pknock.c
index 1f9e3d8..a24303c 100644
--- a/extensions/xt_pknock.c
+++ b/extensions/xt_pknock.c
@@ -737,7 +737,8 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
 ret = crypto_hash_setkey(crypto.tfm, secret, secret_len);
 if (ret) {
 printk("crypto_hash_setkey() failed ret=%d\n", ret);
- return ret;
+ ret = 0;
+ goto out;
 }
 /*
@@ -748,20 +749,19 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
 ret = crypto_hash_digest(&crypto.desc, sg, 8, result);
 if (ret) {
 printk("crypto_hash_digest() failed ret=%d\n", ret);
- return ret;
+ ret = 0;
+ goto out;
 }
 crypt_to_hex(hexresult, result, crypto.size);
 if (memcmp(hexresult, payload, hexa_size) != 0) {
 pr_debug("secret match failed\n");
- goto out;
+ ret = 0;
 }
- ret = 1;
-
-out:
- if (hexresult != NULL) kfree(hexresult);
+ out:
+ kfree(hexresult);
 return ret;
 }
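Review bot: In the second hunk (`@@ -748,20 +749,19 @@`) no visible path leaves `ret` non-zero any more: a successful `crypto_hash_digest()` returns 0, the mismatch branch assigns 0 again, and the `ret = 1;` that marked a match was removed. On the lines shown, has_secret() therefore returns 0 ("no secret") even when `memcmp()` finds the payload equal, which fails closed but means a valid knock is never accepted. Deriving the result from the comparison restores the 0/1 contract the commit message describes, for example `ret = memcmp(hexresult, payload, hexa_size) == 0;` followed by `if (!ret) pr_debug("secret match failed\n");`. The beginning of has_secret() is outside both hunks, so whether `hexresult` is already assigned (or NULL) on every path that now reaches `kfree(hexresult)` via `goto out` should be confirmed against the full function.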