Skip to content

Commit 8495c8b

Browse files
committed
crypto: authencesn - Fix src offset when decrypting in-place
jira VULN-181881 cve-bf CVE-2026-31431 commit-author Herbert Xu <herbert@gondor.apana.org.au> commit 1f48ad3 The src SG list offset wasn't set properly when decrypting in-place, fix it. Reported-by: Wolfgang Walter <linux@stwm.de> Fixes: e024941 ("crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 1f48ad3) Signed-off-by: Sultan Alsawaf <sultan@ciq.com>
1 parent 4b3f1f8 commit 8495c8b

1 file changed

Lines changed: 4 additions & 2 deletions

File tree

crypto/authencesn.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -261,9 +261,11 @@ static int crypto_authenc_esn_decrypt_tail(struct aead_request *req,
261261

262262
decrypt:
263263

264-
if (src != dst)
265-
src = scatterwalk_ffwd(areq_ctx->src, src, assoclen);
266264
dst = scatterwalk_ffwd(areq_ctx->dst, dst, assoclen);
265+
if (req->src == req->dst)
266+
src = dst;
267+
else
268+
src = scatterwalk_ffwd(areq_ctx->src, src, assoclen);
267269

268270
skcipher_request_set_tfm(skreq, ctx->enc);
269271
skcipher_request_set_callback(skreq, flags,

0 commit comments

Comments
 (0)