Bugzilla – Attachment 49017 Details for
Bug 115200
IPsec crashes kernel
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
[patch]
ipsec-crash-bug115200.patch
ipsec-crash-bug115200.patch (text/plain), 1.64 KB, created by
Olaf Hering
on 2005-09-07 07:48:59 UTC
(
hide
)
Description:
ipsec-crash-bug115200.patch
Filename:
MIME Type:
Creator:
Olaf Hering
Created:
2005-09-07 07:48:59 UTC
Size:
1.64 KB
patch
obsolete
>From: herbert@gondor.apana.org.au >Subject: Bug 115200 - IPsec crashes kernel > >[CRYPTO] Fix boundary check in standard multi-block cipher processors > >The boundary check in the standard multi-block cipher processors are >broken when nbytes is not a multiple of bsize. In those cases it will >always process an extra block. > >This patch corrects the check so that it processes at most nbytes of data. > >Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> >Signed-off-by: Olaf Hering <olh@suse.de> > >diff --git a/crypto/cipher.c b/crypto/cipher.c >--- a/crypto/cipher.c >+++ b/crypto/cipher.c >@@ -191,6 +191,8 @@ static unsigned int cbc_process_encrypt( > u8 *iv = desc->info; > unsigned int done = 0; > >+ nbytes -= bsize; >+ > do { > xor(iv, src); > fn(crypto_tfm_ctx(tfm), dst, iv); >@@ -198,7 +200,7 @@ static unsigned int cbc_process_encrypt( > > src += bsize; > dst += bsize; >- } while ((done += bsize) < nbytes); >+ } while ((done += bsize) <= nbytes); > > return done; > } >@@ -219,6 +221,8 @@ static unsigned int cbc_process_decrypt( > u8 *iv = desc->info; > unsigned int done = 0; > >+ nbytes -= bsize; >+ > do { > u8 *tmp_dst = *dst_p; > >@@ -230,7 +234,7 @@ static unsigned int cbc_process_decrypt( > > src += bsize; > dst += bsize; >- } while ((done += bsize) < nbytes); >+ } while ((done += bsize) <= nbytes); > > return done; > } >@@ -243,12 +247,14 @@ static unsigned int ecb_process(const st > void (*fn)(void *, u8 *, const u8 *) = desc->crfn; > unsigned int done = 0; > >+ nbytes -= bsize; >+ > do { > fn(crypto_tfm_ctx(tfm), dst, src); > > src += bsize; > dst += bsize; >- } while ((done += bsize) < nbytes); >+ } while ((done += bsize) <= nbytes); > > return done; > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=49017">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 115200
:
48814
|
48858
|
49008
| 49017 |
49085