Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / a697690bece75d4ba424c1318eb25c37d41d5829
commita697690bece75d4ba424c1318eb25c37d41d5829[log] [tgz]
authorHerbert Xu <herbert@gondor.apana.org.au>Sat Aug 23 01:04:06 2008 +1000
committerHerbert Xu <herbert@gondor.apana.org.au>Sat Aug 23 01:04:06 2008 +1000
tree0ff76eb4486bfa02708ea9a19d330b68bde83a81
parent0c7281c0faa1d0bdbdc647430cbdf7e0aed7f385 [diff]
crypto: authenc - Avoid using clobbered request pointer

Authenc works in two stages for encryption, it first encrypts and
then computes an ICV.  The context memory of the request is used
by both operations.  The problem is that when an asynchronous
encryption completes, we will compute the ICV and then reread the
context memory of the encryption to get the original request.

It just happens that we have a buffer of 16 bytes in front of the
request pointer, so ICVs of 16 bytes (such as SHA1) do not trigger
the bug.  However, any attempt to uses a larger ICV instantly kills
the machine when the first asynchronous encryption is completed.

This patch fixes this by saving the request pointer before we start
the ICV computation.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1 file changed
tree: 0ff76eb4486bfa02708ea9a19d330b68bde83a81
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. usr/
  20. virt/
  21. .gitignore
  22. .mailmap
  23. COPYING
  24. CREDITS
  25. Kbuild
  26. MAINTAINERS
  27. Makefile
  28. README
  29. REPORTING-BUGS