
kernel-2.6.18-238.el5.src.rpm

From: Neil Horman <nhorman@redhat.com>
Date: Thu, 18 Sep 2008 09:56:27 -0400
Subject: [crypto] fix ipsec crash with MAC longer than 16 bytes
Message-id: 20080918135627.GB20500@hmsendeavour.rdu.redhat.com
O-Subject: Re: [RHEL 5.3 PATCH]: fix ipsec crash with MAC longer than 16 bytes.
Bugzilla: 459812
RH-Acked-by: David Miller <davem@redhat.com>
RH-Acked-by: Herbert Xu <herbert.xu@redhat.com>

Hey-
        Backport of upstream commit 697690bece75d4ba424c1318eb25c37d41d5829,
written by Herbert Xu.  This patch prevents the use of a clobbered request
pointer in the authenc code, which results in an oops.  This can occur in the
ipsec code when endpoints are communicating that have MAC addresses longer than
16 bytes (since that's the size of the buffer preceding the pointer).  Resolves
bz 459812.  Please ACK.

Neil

diff --git a/crypto/authenc.c b/crypto/authenc.c
index 612d65a..8ab7000 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -174,8 +174,9 @@ static int crypto_authenc_genicv(struct aead_request *req, u8 *iv,
 static void crypto_authenc_encrypt_done(struct crypto_async_request *req,
 					int err)
 {
+	struct aead_request *areq = req->data;
+
 	if (!err) {
-		struct aead_request *areq = req->data;
 		struct crypto_aead *authenc = crypto_aead_reqtfm(areq);
 		struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
 		struct ablkcipher_request *abreq = aead_request_ctx(areq);
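Review bot: The hoisted `areq` local at the top of crypto_authenc_encrypt_done carries no comment saying why `req->data` must be read before crypto_authenc_genicv() runs, so a later cleanup could re-inline `req->data` in the completion call and bring the oops back. Per the commit description the pointer can be clobbered once the ICV is generated, so I would add above the declaration `/* Load req->data first: ICV generation may overwrite the request context that holds this pointer. */`. The same comment belongs on the matching declaration in crypto_authenc_givencrypt_done in the third hunk. The function body continues past this hunk into the next one.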
@@ -185,7 +186,7 @@ static void crypto_authenc_encrypt_done(struct crypto_async_request *req,
 		err = crypto_authenc_genicv(areq, iv, 0);
 	}
 
-	aead_request_complete(req->data, err);
+	aead_request_complete(areq, err);
 }
 
 static int crypto_authenc_encrypt(struct aead_request *req)
@@ -216,13 +217,15 @@ static int crypto_authenc_encrypt(struct aead_request *req)
 static void crypto_authenc_givencrypt_done(struct crypto_async_request *req,
 					   int err)
 {
+	struct aead_request *areq = req->data;
+
 	if (!err) {
-		struct aead_givcrypt_request *greq = req->data;
+		struct skcipher_givcrypt_request *greq = aead_request_ctx(areq);
 
-		err = crypto_authenc_genicv(&greq->areq, greq->giv, 0);
+		err = crypto_authenc_genicv(areq, greq->giv, 0);
 	}
 
-	aead_request_complete(req->data, err);
+	aead_request_complete(areq, err);
 }
 
 static int crypto_authenc_givencrypt(struct aead_givcrypt_request *req)
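Review bot: Treating `aead_request_ctx(areq)` as a `struct skcipher_givcrypt_request` in crypto_authenc_givencrypt_done is an undocumented layout contract with crypto_authenc_givencrypt, whose body is outside this hunk. The removed code read `req->data` as an `aead_givcrypt_request`, while the new code assumes it is the `aead_request` itself and that the request context begins with the givcrypt request. It is worth confirming that the callback data set in crypto_authenc_givencrypt matches, since a mismatch would make `greq->giv` an arbitrary pointer passed to crypto_authenc_genicv. I would record the assumption next to the cast, e.g. `/* req->data is the aead_request; its ctx starts with the skcipher_givcrypt_request set up in crypto_authenc_givencrypt() */`.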