summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2010-11-30 10:04:31 +0100
committerHerbert Xu <herbert@gondor.apana.org.au>2010-11-30 10:04:31 +0100
commitbc97e57eb21f8db55bf0e1f182d384e75b2e3c99 (patch)
tree470a1564aaa3d36f545bb7b4d25e853a38617f01
parentcrypto: algif_skcipher - Fixed overflow when sndbuf is page aligned (diff)
downloadlinux-bc97e57eb21f8db55bf0e1f182d384e75b2e3c99.tar.xz
linux-bc97e57eb21f8db55bf0e1f182d384e75b2e3c99.zip
crypto: algif_skcipher - Handle unaligned receive buffer
As it is if user-space passes through a receive buffer that's not aligned to to the cipher block size, we'll end up encrypting or decrypting a partial block which causes a spurious EINVAL to be returned. This patch fixes this by moving the partial block test after the af_alg_make_sg call. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--crypto/algif_skcipher.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 1f33480e3260..6a6dfc062d2a 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -454,17 +454,17 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
used = min_t(unsigned long, used, seglen);
+ used = af_alg_make_sg(&ctx->rsgl, from, used, 1);
+ err = used;
+ if (err < 0)
+ goto unlock;
+
if (ctx->more || used < ctx->used)
used -= used % bs;
err = -EINVAL;
if (!used)
- goto unlock;
-
- used = af_alg_make_sg(&ctx->rsgl, from, used, 1);
- err = used;
- if (err < 0)
- goto unlock;
+ goto free;
ablkcipher_request_set_crypt(&ctx->req, sg,
ctx->rsgl.sg, used,
@@ -476,6 +476,7 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
crypto_ablkcipher_decrypt(&ctx->req),
&ctx->completion);
+free:
af_alg_free_sg(&ctx->rsgl);
if (err)