Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 2f40a178e70030c4712fe63807c883f34c3645eb
commit2f40a178e70030c4712fe63807c883f34c3645eb[log] [tgz]
authorJoy Latten <latten@austin.ibm.com>Thu Mar 06 19:28:44 2008 +0800
committerHerbert Xu <herbert@gondor.apana.org.au>Thu Mar 06 19:28:44 2008 +0800
tree8b84e1c7a18df7c134d32cbe587cd6d88c9e942e
parent6212f2c7f70c591efb0d9f3d50ad29112392fee2 [diff]
[CRYPTO] xcbc: Fix crash with IPsec

When using aes-xcbc-mac for authentication in IPsec, 
the kernel crashes. It seems this algorithm doesn't 
account for the space IPsec may make in scatterlist for authtag.
Thus when crypto_xcbc_digest_update2() gets called,
nbytes may be less than sg[i].length. 
Since nbytes is an unsigned number, it wraps
at the end of the loop allowing us to go back 
into loop and causing crash in memcpy.

I used update function in digest.c to model this fix.
Please let me know if it looks ok.

Signed-off-by: Joy Latten <latten@austin.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1 file changed
tree: 8b84e1c7a18df7c134d32cbe587cd6d88c9e942e
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. fs/
  7. include/
  8. init/
  9. ipc/
  10. kernel/
  11. lib/
  12. mm/
  13. net/
  14. samples/
  15. scripts/
  16. security/
  17. sound/
  18. usr/
  19. virt/
  20. .gitignore
  21. .mailmap
  22. COPYING
  23. CREDITS
  24. Kbuild
  25. MAINTAINERS
  26. Makefile
  27. README
  28. REPORTING-BUGS