diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2010-11-30 10:04:31 +0100 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2010-11-30 10:04:31 +0100 |
commit | bc97e57eb21f8db55bf0e1f182d384e75b2e3c99 (patch) | |
tree | 470a1564aaa3d36f545bb7b4d25e853a38617f01 /crypto | |
parent | crypto: algif_skcipher - Fixed overflow when sndbuf is page aligned (diff) | |
download | linux-bc97e57eb21f8db55bf0e1f182d384e75b2e3c99.tar.xz linux-bc97e57eb21f8db55bf0e1f182d384e75b2e3c99.zip |
crypto: algif_skcipher - Handle unaligned receive buffer
As it is if user-space passes through a receive buffer that's not
aligned to to the cipher block size, we'll end up encrypting or
decrypting a partial block which causes a spurious EINVAL to be
returned.
This patch fixes this by moving the partial block test after the
af_alg_make_sg call.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/algif_skcipher.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c index 1f33480e3260..6a6dfc062d2a 100644 --- a/crypto/algif_skcipher.c +++ b/crypto/algif_skcipher.c @@ -454,17 +454,17 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock, used = min_t(unsigned long, used, seglen); + used = af_alg_make_sg(&ctx->rsgl, from, used, 1); + err = used; + if (err < 0) + goto unlock; + if (ctx->more || used < ctx->used) used -= used % bs; err = -EINVAL; if (!used) - goto unlock; - - used = af_alg_make_sg(&ctx->rsgl, from, used, 1); - err = used; - if (err < 0) - goto unlock; + goto free; ablkcipher_request_set_crypt(&ctx->req, sg, ctx->rsgl.sg, used, @@ -476,6 +476,7 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock, crypto_ablkcipher_decrypt(&ctx->req), &ctx->completion); +free: af_alg_free_sg(&ctx->rsgl); if (err) |