projects / linux-block.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7e34e0b)
crypto: omap-sham - huge buffer access fixes
authorTero Kristo <t-kristo@ti.com>
Wed, 27 May 2020 12:24:26 +0000 (15:24 +0300)
committerHerbert Xu <herbert@gondor.apana.org.au>
Thu, 4 Jun 2020 12:03:41 +0000 (22:03 +1000)
The ctx internal buffer can only hold buflen amount of data, don't try
to copy over more than that. Also, initialize the context sg pointer
if we only have data in the context internal buffer, this can happen
when closing a hash with certain data amounts.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
drivers/crypto/omap-sham.c patch | blob | blame | history

diff --git a/drivers/crypto/omap-sham.c b/drivers/crypto/omap-sham.c
index 34ecace143607175d0aa46a11ca0a4c3be8d0954..5efc66ccef46b82892ca3f4737d99666e4ee166b 100644 (file)
--- a/drivers/crypto/omap-sham.c
+++ b/drivers/crypto/omap-sham.c
@@ -750,8 +750,15 @@ static int omap_sham_align_sgs(struct scatterlist *sg,
        int offset = rctx->offset;
        int bufcnt = rctx->bufcnt;
 
-       if (!sg || !sg->length || !nbytes)
+       if (!sg || !sg->length || !nbytes) {
+               if (bufcnt) {
+                       sg_init_table(rctx->sgl, 1);
+                       sg_set_buf(rctx->sgl, rctx->dd->xmit_buf, bufcnt);
+                       rctx->sg = rctx->sgl;
+               }
+
                return 0;
+       }
 
        new_len = nbytes;
 
@@ -895,7 +902,7 @@ static int omap_sham_prepare_request(struct ahash_request *req, bool update)
        if (hash_later < 0)
                hash_later = 0;
 
-       if (hash_later) {
+       if (hash_later && hash_later <= rctx->buflen) {
                scatterwalk_map_and_copy(rctx->buffer,
                                         req->src,
                                         req->nbytes - hash_later,
Linux 6.x block layer and io_uring tree(s)