Patchwork crypto: af_alg - Fix chained tsgl construction

login
register
mail settings
Submitter Herbert Xu
Date Sept. 13, 2017, 2:13 p.m.
Message ID <20170913141353.GA4702@gondor.apana.org.au>
Download mbox | patch
Permalink /patch/9951483/
State Not Applicable
Delegated to: Herbert Xu
Headers show

Comments

Herbert Xu - Sept. 13, 2017, 2:13 p.m.
When af_alg_pull_tsgl encounters a chained tsgl list, it will
produce a bogus SG list because the output index gets incorrectly
reset to zero when we move to the next chained list.

This patch fixes it by moving the index initialisation outside
the loop.

Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory...")
Reported-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Patch

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index ffa9f4c..337cf38 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -619,14 +619,14 @@  void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst,
 	struct af_alg_ctx *ctx = ask->private;
 	struct af_alg_tsgl *sgl;
 	struct scatterlist *sg;
-	unsigned int i, j;
+	unsigned int i, j = 0;
 
 	while (!list_empty(&ctx->tsgl_list)) {
 		sgl = list_first_entry(&ctx->tsgl_list, struct af_alg_tsgl,
 				       list);
 		sg = sgl->sg;
 
-		for (i = 0, j = 0; i < sgl->cur; i++) {
+		for (i = 0; i < sgl->cur; i++) {
 			size_t plen = min_t(size_t, used, sg[i].length);
 			struct page *page = sg_page(sg + i);