diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2026-04-12 08:11:02 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2026-04-12 08:11:02 -0700 |
| commit | 8648ac819d4bc08f7d2a1e0bc9ec2d83de31f19d (patch) | |
| tree | cbae1e7a9f157adee5a9b2c3fde23f88204f2c78 /crypto/algif_aead.c | |
| parent | f5459048c38a00fc583658d6dcd0f894aff6df8f (diff) | |
| parent | 3d14bd48e3a77091cbce637a12c2ae31b4a1687c (diff) | |
| download | linux-8648ac819d4bc08f7d2a1e0bc9ec2d83de31f19d.tar.gz linux-8648ac819d4bc08f7d2a1e0bc9ec2d83de31f19d.zip | |
Merge tag 'v7.0-p5' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fixes from Herbert Xu:
- Enforce rx socket buffer limit in af_alg
- Fix array overflow in af_alg_pull_tsgl
- Fix out-of-bounds access when parsing extensions in X.509
- Fix minimum rx size check in algif_aead
* tag 'v7.0-p5' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: algif_aead - Fix minimum RX size check for decryption
X.509: Fix out-of-bounds access when parsing extensions
crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
crypto: af_alg - limit RX SG extraction by receive buffer budget
Diffstat (limited to 'crypto/algif_aead.c')
| -rw-r--r-- | crypto/algif_aead.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index dda15bb05e892..f8bd45f7dc839 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c @@ -144,7 +144,7 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg, if (usedpages < outlen) { size_t less = outlen - usedpages; - if (used < less) { + if (used < less + (ctx->enc ? 0 : as)) { err = -EINVAL; goto free; } |
