Fix memory leak in integrity device query processing.

lib/libdevmapper.c

@@ -1831,10 +1831,12 @@ static int _dm_query_integrity(uint32_t get_flags,
 			else if (!strncmp(arg, "internal_hash:", 14) && !integrity) {
 				str = &arg[14];
 				arg = strsep(&str, ":");
-				integrity = strdup(arg);
+				if (get_flags & DM_ACTIVE_INTEGRITY_PARAMS) {
-				if (!integrity) {
+					integrity = strdup(arg);
-					r = -ENOMEM;
+					if (!integrity) {
-					goto err;
+						r = -ENOMEM;
+						goto err;
+					}
 				}
 
 				if (str) {
@@ -1861,18 +1863,22 @@ static int _dm_query_integrity(uint32_t get_flags,
 			} else if (!strncmp(arg, "journal_crypt:", 14) && !journal_crypt) {
 				str = &arg[14];
 				arg = strsep(&str, ":");
-				journal_crypt = strdup(arg);
+				if (get_flags & DM_ACTIVE_INTEGRITY_PARAMS) {
-				if (!journal_crypt) {
+					journal_crypt = strdup(arg);
-					r = -ENOMEM;
+					if (!journal_crypt) {
-					goto err;
+						r = -ENOMEM;
+						goto err;
+					}
 				}
 			} else if (!strncmp(arg, "journal_mac:", 12) && !journal_integrity) {
 				str = &arg[12];
 				arg = strsep(&str, ":");
-				journal_integrity = strdup(arg);
+				if (get_flags & DM_ACTIVE_INTEGRITY_PARAMS) {
-				if (!journal_integrity) {
+					journal_integrity = strdup(arg);
-					r = -ENOMEM;
+					if (!journal_integrity) {
-					goto err;
+						r = -ENOMEM;
+						goto err;
+					}
 				}
 			} else /* unknown option */
 				goto err;

lib/setup.c

@@ -1116,7 +1116,7 @@ static int _init_by_name_verity(struct crypt_device *cd, const char *name)
 		.target = DM_VERITY,
 		.u.verity.vp = &params,
 	};
-	int r;
+	int r, verity_type = 0;
 
 	r = dm_query_device(cd, name,
 				DM_ACTIVE_DEVICE |
@@ -1148,8 +1148,14 @@ static int _init_by_name_verity(struct crypt_device *cd, const char *name)
 		cd->u.verity.hdr.fec_roots = params.fec_roots;
 		cd->u.verity.fec_device = dmd.u.verity.fec_device;
 		cd->metadata_device = dmd.u.verity.hash_device;
+		verity_type = 1;
 	}
 out:
+	if (!verity_type && dmd.u.verity.vp) {
+		free(CONST_CAST(void*)dmd.u.verity.vp->hash_name);
+		free(CONST_CAST(void*)dmd.u.verity.vp->salt);
+		free(CONST_CAST(void*)dmd.u.verity.fec_device);
+	}
 	device_free(dmd.data_device);
 	return r;
 }
@@ -1159,11 +1165,12 @@ static int _init_by_name_integrity(struct crypt_device *cd, const char *name)
 	struct crypt_dm_active_device dmd = {
 		.target = DM_INTEGRITY,
 	};
-	int r;
+	int r, integrity_type = 0;
 
 	r = dm_query_device(cd, name, DM_ACTIVE_DEVICE |
 				      DM_ACTIVE_CRYPT_KEY |
-				      DM_ACTIVE_CRYPT_KEYSIZE, &dmd);
+				      DM_ACTIVE_CRYPT_KEYSIZE |
+				      DM_ACTIVE_INTEGRITY_PARAMS, &dmd);
 	if (r < 0)
 		goto out;
 	if (r > 0)
@@ -1187,8 +1194,14 @@ static int _init_by_name_integrity(struct crypt_device *cd, const char *name)
 			cd->u.integrity.params.journal_integrity_key_size = dmd.u.integrity.journal_integrity_key->keylength;
 		if (dmd.u.integrity.journal_crypt_key)
 			cd->u.integrity.params.integrity_key_size = dmd.u.integrity.journal_crypt_key->keylength;
+		integrity_type = 1;
 	}
 out:
+	if (!integrity_type) {
+		free(CONST_CAST(void*)dmd.u.integrity.integrity);
+		free(CONST_CAST(void*)dmd.u.integrity.journal_integrity);
+		free(CONST_CAST(void*)dmd.u.integrity.journal_crypt);
+	}
 	crypt_free_volume_key(dmd.u.integrity.vk);
 	crypt_free_volume_key(dmd.u.integrity.journal_integrity_key);
 	crypt_free_volume_key(dmd.u.integrity.journal_crypt_key);

lib/utils_dm.h

@@ -66,6 +66,7 @@ int dm_flags(dm_target_type target, uint32_t *flags);
 #define DM_ACTIVE_VERITY_HASH_DEVICE	(1 << 7)
 #define DM_ACTIVE_VERITY_PARAMS		(1 << 8)
 
+#define DM_ACTIVE_INTEGRITY_PARAMS	(1 << 9)
 
 struct crypt_dm_active_device {
 	dm_target_type target;