-stable review patch. If anyone has any objections, please let us know.
---------------------
From: Yehuda Sadeh <[email protected]>
upstream commit: f4f689933c63e0fbfba62f2a80efb2b424b139ae
When the total length is shorter than the calculated number of unaligned bytes, the call to shash->update breaks. For example, calling crc32c on unaligned buffer with length of 1 can result in a system crash.
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Chris Wright <[email protected]>
---
crypto/shash.c | 3 +++
1 file changed, 3 insertions(+)
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -82,6 +82,9 @@ static int shash_update_unaligned(struct
u8 buf[shash_align_buffer_size(unaligned_len, alignmask)]
__attribute__ ((aligned));
+ if (unaligned_len > len)
+ unaligned_len = len;
+
memcpy(buf, data, unaligned_len);
return shash->update(desc, buf, unaligned_len) ?: