Commit e117765a authored by Stephan Mueller's avatar Stephan Mueller Committed by Herbert Xu

crypto: af_alg - update correct dst SGL entry

When two adjacent TX SGL are processed and parts of both TX SGLs
are pulled into the per-request TX SGL, the wrong per-request
TX SGL entries were updated.

This fixes a NULL pointer dereference when a cipher implementation walks
the TX SGL where some of the SGL entries were NULL.

Fixes: e870456d ("crypto: algif_skcipher - overhaul memory...")
Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent c056d910
...@@ -619,14 +619,14 @@ void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst, ...@@ -619,14 +619,14 @@ void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst,
struct af_alg_ctx *ctx = ask->private; struct af_alg_ctx *ctx = ask->private;
struct af_alg_tsgl *sgl; struct af_alg_tsgl *sgl;
struct scatterlist *sg; struct scatterlist *sg;
unsigned int i, j; unsigned int i, j = 0;
while (!list_empty(&ctx->tsgl_list)) { while (!list_empty(&ctx->tsgl_list)) {
sgl = list_first_entry(&ctx->tsgl_list, struct af_alg_tsgl, sgl = list_first_entry(&ctx->tsgl_list, struct af_alg_tsgl,
list); list);
sg = sgl->sg; sg = sgl->sg;
for (i = 0, j = 0; i < sgl->cur; i++) { for (i = 0; i < sgl->cur; i++) {
size_t plen = min_t(size_t, used, sg[i].length); size_t plen = min_t(size_t, used, sg[i].length);
struct page *page = sg_page(sg + i); struct page *page = sg_page(sg + i);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment