crypto: lrw - Fix out-of bounds access on counter overflow

[linux-block.git] / crypto / lrw.c

diff --git a/crypto/lrw.c b/crypto/lrw.c
index 393a782679c7833e1556934a54c1a5a813f7c393..5504d1325a56ab58d583724be58baef24d72b0bb 100644 (file)
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -143,7 +143,12 @@ static inline int get_index128(be128 *block)
                return x + ffz(val);
        }
 
-       return x;
+       /*
+        * If we get here, then x == 128 and we are incrementing the counter
+        * from all ones to all zeros. This means we must return index 127, i.e.
+        * the one corresponding to key2*{ 1,...,1 }.
+        */
+       return 127;
 }
 
 static int post_crypt(struct skcipher_request *req)