diff options
| author | Mauro Carvalho Chehab <mchehab+samsung@kernel.org> | 2019-02-18 10:12:12 -0500 |
|---|---|---|
| committer | Mauro Carvalho Chehab <mchehab+samsung@kernel.org> | 2019-02-18 10:12:12 -0500 |
| commit | 5f09bc8cc4010a3ea17c5881a62fc45192ebe7b0 (patch) | |
| tree | c8e30ba4eaf357699ef97a786bf56661f4591be8 /crypto/authenc.c | |
| parent | 6fd369dd1cb65a032f1ab9227033ecb7b759656d (diff) | |
| parent | a3b22b9f11d9fbc48b0291ea92259a5a810e9438 (diff) | |
| download | linux-5f09bc8cc4010a3ea17c5881a62fc45192ebe7b0.tar.bz2 | |
Merge tag 'v5.0-rc7' into patchwork
Linux 5.0-rc7
* tag 'v5.0-rc7': (1667 commits)
Linux 5.0-rc7
Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
Input: st-keyscan - fix potential zalloc NULL dereference
Input: apanel - switch to using brightness_set_blocking()
powerpc/64s: Fix possible corruption on big endian due to pgd/pud_present()
efi/arm: Revert "Defer persistent reservations until after paging_init()"
arm64, mm, efi: Account for GICv3 LPI tables in static memblock reserve table
sunrpc: fix 4 more call sites that were using stack memory with a scatterlist
include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
Compiler Attributes: add support for __copy (gcc >= 9)
lib/crc32.c: mark crc32_le_base/__crc32c_le_base aliases as __pure
auxdisplay: ht16k33: fix potential user-after-free on module unload
x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls
i2c: bcm2835: Clear current buffer pointers and counts after a transfer
i2c: cadence: Fix the hold bit setting
drm: Use array_size() when creating lease
dm thin: fix bug where bio that overwrites thin block ignores FUA
Revert "exec: load_script: don't blindly truncate shebang string"
Revert "gfs2: read journal in large chunks to locate the head"
net: ethernet: freescale: set FEC ethtool regs version
...
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Diffstat (limited to 'crypto/authenc.c')
| -rw-r--r-- | crypto/authenc.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/crypto/authenc.c b/crypto/authenc.c index 37f54d1b2f66..4be293a4b5f0 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -58,14 +58,22 @@ int crypto_authenc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key, return -EINVAL; if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) return -EINVAL; - if (RTA_PAYLOAD(rta) < sizeof(*param)) + + /* + * RTA_OK() didn't align the rtattr's payload when validating that it + * fits in the buffer. Yet, the keys should start on the next 4-byte + * aligned boundary. To avoid confusion, require that the rtattr + * payload be exactly the param struct, which has a 4-byte aligned size. + */ + if (RTA_PAYLOAD(rta) != sizeof(*param)) return -EINVAL; + BUILD_BUG_ON(sizeof(*param) % RTA_ALIGNTO); param = RTA_DATA(rta); keys->enckeylen = be32_to_cpu(param->enckeylen); - key += RTA_ALIGN(rta->rta_len); - keylen -= RTA_ALIGN(rta->rta_len); + key += rta->rta_len; + keylen -= rta->rta_len; if (keylen < keys->enckeylen) return -EINVAL; |