If a scatterwalk chain contains an entry with an unaligned offset then
hash_walk_next() will cut off the next step at the next alignment point.
However, if the entry ends before the next alignment point then we a loop,
which leads to a kernel oops.
Fix this by checking whether the next aligment point is before the end of the
current entry.
Signed-off-by: Szilveszter ?rd?g <[email protected]>
---
Added the Signed-off-by line
crypto/ahash.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/crypto/ahash.c b/crypto/ahash.c
index b8c59b8..f669822 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -47,8 +47,11 @@ static int hash_walk_next(struct crypto_hash_walk *walk)
walk->data = crypto_kmap(walk->pg, 0);
walk->data += offset;
- if (offset & alignmask)
- nbytes = alignmask + 1 - (offset & alignmask);
+ if (offset & alignmask) {
+ unsigned int unaligned = alignmask + 1 - (offset & alignmask);
+ if (nbytes > unaligned)
+ nbytes = unaligned;
+ }
walk->entrylen -= nbytes;
return nbytes;
--
1.5.5.6
On Thu, Aug 05, 2010 at 12:05:49PM +0200, Szilveszter ?rd?g wrote:
> If a scatterwalk chain contains an entry with an unaligned offset then
> hash_walk_next() will cut off the next step at the next alignment point.
>
> However, if the entry ends before the next alignment point then we a loop,
> which leads to a kernel oops.
>
> Fix this by checking whether the next aligment point is before the end of the
> current entry.
>
> Signed-off-by: Szilveszter ?rd?g <[email protected]>
Patch applied to crypto-2.6. Thanks!
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt