* [PATCH] crypto: AF_ALG - update correct dst SGL entry
@ 2017-08-30 7:17 Stephan Müller
2017-09-20 8:34 ` Herbert Xu
2017-09-21 8:07 ` Herbert Xu
0 siblings, 2 replies; 3+ messages in thread
From: Stephan Müller @ 2017-08-30 7:17 UTC (permalink / raw)
To: herbert; +Cc: linux-crypto
When two adjacent TX SGL are processed and parts of both TX SGLs
are pulled into the per-request TX SGL, the wrong per-request
TX SGL entries were updated.
This fixes a NULL pointer dereference when a cipher implementation walks
the TX SGL where some of the SGL entries were NULL.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
crypto/af_alg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index ffa9f4ccd9b4..337cf382718e 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -619,14 +619,14 @@ void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst,
struct af_alg_ctx *ctx = ask->private;
struct af_alg_tsgl *sgl;
struct scatterlist *sg;
- unsigned int i, j;
+ unsigned int i, j = 0;
while (!list_empty(&ctx->tsgl_list)) {
sgl = list_first_entry(&ctx->tsgl_list, struct af_alg_tsgl,
list);
sg = sgl->sg;
- for (i = 0, j = 0; i < sgl->cur; i++) {
+ for (i = 0; i < sgl->cur; i++) {
size_t plen = min_t(size_t, used, sg[i].length);
struct page *page = sg_page(sg + i);
--
2.13.5
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] crypto: AF_ALG - update correct dst SGL entry
2017-08-30 7:17 [PATCH] crypto: AF_ALG - update correct dst SGL entry Stephan Müller
@ 2017-09-20 8:34 ` Herbert Xu
2017-09-21 8:07 ` Herbert Xu
1 sibling, 0 replies; 3+ messages in thread
From: Herbert Xu @ 2017-09-20 8:34 UTC (permalink / raw)
To: Stephan Müller; +Cc: linux-crypto
On Wed, Aug 30, 2017 at 09:17:39AM +0200, Stephan Müller wrote:
> When two adjacent TX SGL are processed and parts of both TX SGLs
> are pulled into the per-request TX SGL, the wrong per-request
> TX SGL entries were updated.
>
> This fixes a NULL pointer dereference when a cipher implementation walks
> the TX SGL where some of the SGL entries were NULL.
>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
Oops, looks like you already sent me this fix. It should have
this fixes header:
Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory...")
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] crypto: AF_ALG - update correct dst SGL entry
2017-08-30 7:17 [PATCH] crypto: AF_ALG - update correct dst SGL entry Stephan Müller
2017-09-20 8:34 ` Herbert Xu
@ 2017-09-21 8:07 ` Herbert Xu
1 sibling, 0 replies; 3+ messages in thread
From: Herbert Xu @ 2017-09-21 8:07 UTC (permalink / raw)
To: Stephan Müller; +Cc: linux-crypto
On Wed, Aug 30, 2017 at 09:17:39AM +0200, Stephan Müller wrote:
> When two adjacent TX SGL are processed and parts of both TX SGLs
> are pulled into the per-request TX SGL, the wrong per-request
> TX SGL entries were updated.
>
> This fixes a NULL pointer dereference when a cipher implementation walks
> the TX SGL where some of the SGL entries were NULL.
>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-09-21 8:07 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-08-30 7:17 [PATCH] crypto: AF_ALG - update correct dst SGL entry Stephan Müller
2017-09-20 8:34 ` Herbert Xu
2017-09-21 8:07 ` Herbert Xu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.