Merge tag 'v5.0-rc6' into devel

Linux 5.0-rc6
author: Linus Walleij <linus.walleij@linaro.org> 2019-02-11 09:17:23 +0100
committer: Linus Walleij <linus.walleij@linaro.org> 2019-02-11 09:17:23 +0100
commit: e65372124cd749ebbe4ac2abe5a511d7d1ac68db (patch)
tree: 1f9fd7cec6ffba19c76fff1e82c562fa1adae5da /crypto/authenc.c
parent: a3240f09307ac978270d423b542f229e2ccc07b8 (diff)
parent: d13937116f1e82bf508a6325111b322c30c85eb9 (diff)
1 files changed, 11 insertions, 3 deletions
diff --git a/crypto/authenc.c b/crypto/authenc.c
index 37f54d1b2f66..4be293a4b5f0 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -58,14 +58,22 @@ int crypto_authenc_extractkeys(struct crypto_authenc_keys *keys, const u8 *key,
 		return -EINVAL;
 	if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)
 		return -EINVAL;
-	if (RTA_PAYLOAD(rta) < sizeof(*param))
+
+	/*
+	 * RTA_OK() didn't align the rtattr's payload when validating that it
+	 * fits in the buffer.  Yet, the keys should start on the next 4-byte
+	 * aligned boundary.  To avoid confusion, require that the rtattr
+	 * payload be exactly the param struct, which has a 4-byte aligned size.
+	 */
+	if (RTA_PAYLOAD(rta) != sizeof(*param))
 		return -EINVAL;
+	BUILD_BUG_ON(sizeof(*param) % RTA_ALIGNTO);
 
 	param = RTA_DATA(rta);
 	keys->enckeylen = be32_to_cpu(param->enckeylen);
 
-	key += RTA_ALIGN(rta->rta_len);
-	keylen -= RTA_ALIGN(rta->rta_len);
+	key += rta->rta_len;
+	keylen -= rta->rta_len;
 
 	if (keylen < keys->enckeylen)
 		return -EINVAL;
author	Linus Walleij <linus.walleij@linaro.org>	2019-02-11 09:17:23 +0100
committer	Linus Walleij <linus.walleij@linaro.org>	2019-02-11 09:17:23 +0100
commit	e65372124cd749ebbe4ac2abe5a511d7d1ac68db (patch)
tree	1f9fd7cec6ffba19c76fff1e82c562fa1adae5da /crypto/authenc.c
parent	a3240f09307ac978270d423b542f229e2ccc07b8 (diff)
parent	d13937116f1e82bf508a6325111b322c30c85eb9 (diff)