crypto: shash - Fix buffer overrun in import function

Only set the partial block length to zero if the algorithm is
block-only.  Otherwise the descriptor context could be empty,
e.g., for digest_null.

Reported-by: syzbot+4851c19615d35f0e4d68@syzkaller.appspotmail.com
Fixes: 7650f826f7b2 ("crypto: shash - Handle partial blocks in API")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/shash.c b/crypto/shash.c
index 37537d7995c7b4692a682084a16a3abf540f91fc..4721f5f134f4dae8abbe42e29d2affc07d60e1e2 100644 (file)
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -257,12 +257,13 @@ static int __crypto_shash_import(struct shash_desc *desc, const void *in,
        if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
                return -ENOKEY;
 
-       plen = crypto_shash_blocksize(tfm) + 1;
-       descsize = crypto_shash_descsize(tfm);
        ss = crypto_shash_statesize(tfm);
-       buf[descsize - 1] = 0;
-       if (crypto_shash_block_only(tfm))
+       if (crypto_shash_block_only(tfm)) {
+               plen = crypto_shash_blocksize(tfm) + 1;
                ss -= plen;
+               descsize = crypto_shash_descsize(tfm);
+               buf[descsize - 1] = 0;
+       }
        if (!import) {
                memcpy(buf, in, ss);
                return 0;