archive/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2025-08-15 14:11:42 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

crypto: shash - Fix buffer overrun in import function

Browse source 
Only set the partial block length to zero if the algorithm is
block-only.  Otherwise the descriptor context could be empty,
e.g., for digest_null.

Reported-by: syzbot+4851c19615d35f0e4d68@syzkaller.appspotmail.com
Fixes: 7650f826f7 ("crypto: shash - Handle partial blocks in API")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Herbert Xu 2025-05-26 16:56:46 +08:00
parent 2297554f01
commit 0a84874c7e
1 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
crypto/shash.c
View file

@ -257,12 +257,13 @@ static int __crypto_shash_import(struct shash_desc *desc, const void *in,
if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
return -ENOKEY;
plen = crypto_shash_blocksize(tfm) + 1;
descsize = crypto_shash_descsize(tfm);
ss = crypto_shash_statesize(tfm);
buf[descsize - 1] = 0;
if (crypto_shash_block_only(tfm))
if (crypto_shash_block_only(tfm)) {
plen = crypto_shash_blocksize(tfm) + 1;
ss -= plen;
descsize = crypto_shash_descsize(tfm);
buf[descsize - 1] = 0;
}
if (!import) {
memcpy(buf, in, ss);
return 0;