/[linux-patches]/genpatches-2.6/tags/2.6.13-4/1003_1_ipsec-oops-fix.patch
Gentoo

Contents of /genpatches-2.6/tags/2.6.13-4/1003_1_ipsec-oops-fix.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 168 - (show annotations) (download)
Sun Sep 18 11:19:29 2005 UTC (8 years, 7 months ago) by dsd
File size: 2171 byte(s)
2.6.13-4 release
1 From stable-bounces@linux.kernel.org Tue Sep 6 15:08:49 2005
2 To: Krzysztof Oledzki <olel@ans.pl>
3 From: Herbert Xu <herbert@gondor.apana.org.au>
4 Cc: stable@kernel.org, "David S. Miller" <davem@davemloft.net>
5 Subject: [CRYPTO] Fix boundary check in standard multi-block cipher processors
6
7 [CRYPTO] Fix boundary check in standard multi-block cipher processors
8
9 Fixes Bug 5194 (IPSec related Oops in 2.6.13).
10
11 The boundary check in the standard multi-block cipher processors are
12 broken when nbytes is not a multiple of bsize. In those cases it will
13 always process an extra block.
14
15 This patch corrects the check so that it processes at most nbytes of data.
16
17 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
18 Signed-off-by: Chris Wright <chrisw@osdl.org>
19 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
20 ---
21 crypto/cipher.c | 12 +++++++++---
22 1 files changed, 9 insertions(+), 3 deletions(-)
23
24 Index: linux-2.6.13.y/crypto/cipher.c
25 ===================================================================
26 --- linux-2.6.13.y.orig/crypto/cipher.c
27 +++ linux-2.6.13.y/crypto/cipher.c
28 @@ -191,6 +191,8 @@ static unsigned int cbc_process_encrypt(
29 u8 *iv = desc->info;
30 unsigned int done = 0;
31
32 + nbytes -= bsize;
33 +
34 do {
35 xor(iv, src);
36 fn(crypto_tfm_ctx(tfm), dst, iv);
37 @@ -198,7 +200,7 @@ static unsigned int cbc_process_encrypt(
38
39 src += bsize;
40 dst += bsize;
41 - } while ((done += bsize) < nbytes);
42 + } while ((done += bsize) <= nbytes);
43
44 return done;
45 }
46 @@ -219,6 +221,8 @@ static unsigned int cbc_process_decrypt(
47 u8 *iv = desc->info;
48 unsigned int done = 0;
49
50 + nbytes -= bsize;
51 +
52 do {
53 u8 *tmp_dst = *dst_p;
54
55 @@ -230,7 +234,7 @@ static unsigned int cbc_process_decrypt(
56
57 src += bsize;
58 dst += bsize;
59 - } while ((done += bsize) < nbytes);
60 + } while ((done += bsize) <= nbytes);
61
62 return done;
63 }
64 @@ -243,12 +247,14 @@ static unsigned int ecb_process(const st
65 void (*fn)(void *, u8 *, const u8 *) = desc->crfn;
66 unsigned int done = 0;
67
68 + nbytes -= bsize;
69 +
70 do {
71 fn(crypto_tfm_ctx(tfm), dst, src);
72
73 src += bsize;
74 dst += bsize;
75 - } while ((done += bsize) < nbytes);
76 + } while ((done += bsize) <= nbytes);
77
78 return done;
79 }

  ViewVC Help
Powered by ViewVC 1.1.20