diff options
| author | Ondrej Mosnacek <omosnace@redhat.com> | 2020-08-12 15:58:25 +0300 |
|---|---|---|
| committer | Sasha Levin <sashal@kernel.org> | 2024-03-27 01:22:33 +0300 |
| commit | 17a1144baa54edb9c97014ad441a03b93e50ab75 (patch) | |
| tree | a200df51709f2a6eedf929b6918d0dd749e14fdf /crypto | |
| parent | d619f175ff50582c05858cb96d05391f77c7c7aa (diff) | |
| download | linux-17a1144baa54edb9c97014ad441a03b93e50ab75.tar.xz | |
crypto: algif_aead - fix uninitialized ctx->init
[ Upstream commit 21dfbcd1f5cbff9cf2f9e7e43475aed8d072b0dd ]
In skcipher_accept_parent_nokey() the whole af_alg_ctx structure is
cleared by memset() after allocation, so add such memset() also to
aead_accept_parent_nokey() so that the new "init" field is also
initialized to zero. Without that the initial ctx->init checks might
randomly return true and cause errors.
While there, also remove the redundant zero assignments in both
functions.
Found via libkcapi testsuite.
Cc: Stephan Mueller <smueller@chronox.de>
Fixes: f3c802a1f300 ("crypto: algif_aead - Only wake up when ctx->more is zero")
Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/algif_aead.c | 6 | ||||
| -rw-r--r-- | crypto/algif_skcipher.c | 7 |
2 files changed, 1 insertions, 12 deletions
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index 182783801ffa..4cb2b1217549 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c @@ -563,12 +563,6 @@ static int aead_accept_parent_nokey(void *private, struct sock *sk) INIT_LIST_HEAD(&ctx->tsgl_list); ctx->len = len; - ctx->used = 0; - atomic_set(&ctx->rcvused, 0); - ctx->more = 0; - ctx->merge = 0; - ctx->enc = 0; - ctx->aead_assoclen = 0; crypto_init_wait(&ctx->wait); ask->private = ctx; diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c index 9d2e9783c0d4..af08fc18a492 100644 --- a/crypto/algif_skcipher.c +++ b/crypto/algif_skcipher.c @@ -337,6 +337,7 @@ static int skcipher_accept_parent_nokey(void *private, struct sock *sk) ctx = sock_kmalloc(sk, len, GFP_KERNEL); if (!ctx) return -ENOMEM; + memset(ctx, 0, len); ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(tfm), GFP_KERNEL); @@ -344,16 +345,10 @@ static int skcipher_accept_parent_nokey(void *private, struct sock *sk) sock_kfree_s(sk, ctx, len); return -ENOMEM; } - memset(ctx->iv, 0, crypto_skcipher_ivsize(tfm)); INIT_LIST_HEAD(&ctx->tsgl_list); ctx->len = len; - ctx->used = 0; - atomic_set(&ctx->rcvused, 0); - ctx->more = 0; - ctx->merge = 0; - ctx->enc = 0; crypto_init_wait(&ctx->wait); ask->private = ctx; |