crypto: af_alg - update correct dst SGL entry

When two adjacent TX SGL are processed and parts of both TX SGLs are pulled into the per-request TX SGL, the wrong per-request TX SGL entries were updated. This fixes a NULL pointer dereference when a cipher implementation walks the TX SGL where some of the SGL entries were NULL. Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory...") Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Stephan Mueller <smueller@chronox.de> 2017-08-30 03:17:39 -0400
committer: Herbert Xu <herbert@gondor.apana.org.au> 2017-09-20 05:42:42 -0400
commit: e117765a117da3ece15689cb8a759d16c415b08c (patch)
tree: a0ad243511df62936e17dfde131209cd6f89221b
parent: c056d910f08029662080a01b4ce2110e2c9a27b6 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index ffa9f4ccd9b4..337cf382718e 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -619,14 +619,14 @@ void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst,
        struct af_alg_ctx *ctx = ask->private;
        struct af_alg_tsgl *sgl;
        struct scatterlist *sg;
-        unsigned int i, j;
+        unsigned int i, j = 0;
        while (!list_empty(&ctx->tsgl_list)) {
                sgl = list_first_entry(&ctx->tsgl_list, struct af_alg_tsgl,
                                       list);
                sg = sgl->sg;
-                for (i = 0, j = 0; i < sgl->cur; i++) {
+                for (i = 0; i < sgl->cur; i++) {
                        size_t plen = min_t(size_t, used, sg[i].length);
                        struct page *page = sg_page(sg + i);
author	Stephan Mueller <smueller@chronox.de>	2017-08-30 03:17:39 -0400
committer	Herbert Xu <herbert@gondor.apana.org.au>	2017-09-20 05:42:42 -0400
commit	e117765a117da3ece15689cb8a759d16c415b08c (patch)
tree	a0ad243511df62936e17dfde131209cd6f89221b
parent	c056d910f08029662080a01b4ce2110e2c9a27b6 (diff)

diff --git a/crypto/af_alg.c b/crypto/af_alg.c index ffa9f4ccd9b4..337cf382718e 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c
@@ -619,14 +619,14 @@ void af_alg_pull_tsgl(struct sock sk, size_t used, struct scatterlist dst,
619	struct af_alg_ctx *ctx = ask->private;	619	struct af_alg_ctx *ctx = ask->private;
620	struct af_alg_tsgl *sgl;	620	struct af_alg_tsgl *sgl;
621	struct scatterlist *sg;	621	struct scatterlist *sg;
622	unsigned int i, j;	622	unsigned int i, j = 0;
623		623
624	while (!list_empty(&ctx->tsgl_list)) {	624	while (!list_empty(&ctx->tsgl_list)) {
625	sgl = list_first_entry(&ctx->tsgl_list, struct af_alg_tsgl,	625	sgl = list_first_entry(&ctx->tsgl_list, struct af_alg_tsgl,
626	list);	626	list);
627	sg = sgl->sg;	627	sg = sgl->sg;
628		628
629	for (i = 0, j = 0; i < sgl->cur; i++) {	629	for (i = 0; i < sgl->cur; i++) {
630	size_t plen = min_t(size_t, used, sg[i].length);	630	size_t plen = min_t(size_t, used, sg[i].length);
631	struct page *page = sg_page(sg + i);	631	struct page *page = sg_page(sg + i);
632		632