summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2016-11-21 15:34:00 +0800
committerHerbert Xu <herbert@gondor.apana.org.au>2016-11-22 15:02:24 +0800
commit8acf7a106326eb94e143552de81f34308149121c (patch)
tree4d96cad9eef7f8f4eb502c3766cfa03f813460e3
parenta8348bca2944d397a528772f5c0ccb47a8b58af4 (diff)
downloadlinux-8acf7a106326eb94e143552de81f34308149121c.tar.bz2
crypto: algif_hash - Fix result clobbering in recvmsg
Recently an init call was added to hash_recvmsg so as to reset the hash state in case a sendmsg call was never made. Unfortunately this ended up clobbering the result if the previous sendmsg was done with a MSG_MORE flag. This patch fixes it by excluding that case when we make the init call. Fixes: a8348bca2944 ("algif_hash - Fix NULL hash crash with shash") Reported-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--crypto/algif_hash.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 05e21b464433..d19b09cdf284 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -214,7 +214,7 @@ static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0);
- if (!result) {
+ if (!result && !ctx->more) {
err = af_alg_wait_for_completion(
crypto_ahash_init(&ctx->req),
&ctx->completion);