Merge tag 'v4.4.177' into toradex_vf_4.4-nextColibri-VF_LXDE-Image_2.8b6.183-20190331

This is the 4.4.177 stable release
author: Marcel Ziswiler <marcel.ziswiler@toradex.com> 2019-03-28 11:16:26 +0100
committer: Marcel Ziswiler <marcel.ziswiler@toradex.com> 2019-03-28 11:16:26 +0100
commit: 6f01eb5bf8e8110ab5f3a8e7b0f3abf19a205e4b (patch)
tree: 4b3147335ed97e4b487fd84bcb7a959a38d9656e /crypto/authenc.c
parent: 8f234193b8cc35c44614e4a4b05f2d920ff562e4 (diff)
parent: 6b50202a4d53bf527c640467bcff68b50a5e38a2 (diff)
1 files changed, 11 insertions, 3 deletions
diff --git a/crypto/authenc.c b/crypto/authenc.c
index b7290c5b1eaa..5c25005ff398 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -58,14 +58,22 @@ int crypto_authenc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key,
 		return -EINVAL;
 	if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)
 		return -EINVAL;
-	if (RTA_PAYLOAD(rta) < sizeof(*param))
+
+	/*
+	 * RTA_OK() didn't align the rtattr's payload when validating that it
+	 * fits in the buffer.  Yet, the keys should start on the next 4-byte
+	 * aligned boundary.  To avoid confusion, require that the rtattr
+	 * payload be exactly the param struct, which has a 4-byte aligned size.
+	 */
+	if (RTA_PAYLOAD(rta) != sizeof(*param))
 		return -EINVAL;
+	BUILD_BUG_ON(sizeof(*param) % RTA_ALIGNTO);
 
 	param = RTA_DATA(rta);
 	keys->enckeylen = be32_to_cpu(param->enckeylen);
 
-	key += RTA_ALIGN(rta->rta_len);
-	keylen -= RTA_ALIGN(rta->rta_len);
+	key += rta->rta_len;
+	keylen -= rta->rta_len;
 
 	if (keylen < keys->enckeylen)
 		return -EINVAL;
author	Marcel Ziswiler <marcel.ziswiler@toradex.com>	2019-03-28 11:16:26 +0100
committer	Marcel Ziswiler <marcel.ziswiler@toradex.com>	2019-03-28 11:16:26 +0100
commit	6f01eb5bf8e8110ab5f3a8e7b0f3abf19a205e4b (patch)
tree	4b3147335ed97e4b487fd84bcb7a959a38d9656e /crypto/authenc.c
parent	8f234193b8cc35c44614e4a4b05f2d920ff562e4 (diff)
parent	6b50202a4d53bf527c640467bcff68b50a5e38a2 (diff)