Skip to content

Commit ad16369

Browse files
committed
crypto: algif_aead - Fix minimum RX size check for decryption
jira KERNEL-949 Rebuild_History Non-Buildable kernel-4.18.0-553.123.1.el8_10 commit-author Herbert Xu <herbert@gondor.apana.org.au> commit 3d14bd4 The check for the minimum receive buffer size did not take the tag size into account during decryption. Fix this by adding the required extra length. Reported-by: syzbot+aa11561819dc42ebbc7c@syzkaller.appspotmail.com Reported-by: Daniel Pouzzner <douzzer@mega.nu> Fixes: d887c52 ("crypto: algif_aead - overhaul memory management") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 3d14bd4) Signed-off-by: Jonathan Maple <jmaple@ciq.com>
1 parent 976d258 commit ad16369

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

crypto/algif_aead.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -174,7 +174,7 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
174174
if (usedpages < outlen) {
175175
size_t less = outlen - usedpages;
176176

177-
if (used < less) {
177+
if (used < less + (ctx->enc ? 0 : as)) {
178178
err = -EINVAL;
179179
goto free;
180180
}

0 commit comments

Comments
 (0)