diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2009-08-29 06:44:04 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2009-08-29 06:44:04 -0400 |
commit | 0c7d400fafaeab6014504a6a6249f01bac7f7db4 (patch) | |
tree | 1bce003eb85e15de168dc92ef09d7e94da24fcc5 | |
parent | b6f34d44cb341ad32f08717d1a2c418e6053a031 (diff) |
crypto: skcipher - Fix skcipher_dequeue_givcrypt NULL test
As struct skcipher_givcrypt_request includes struct crypto_request
at a non-zero offset, testing for NULL after converting the pointer
returned by crypto_dequeue_request does not work. This can result
in IPsec crashes when the queue is depleted.
This patch fixes it by doing the pointer conversion only when the
return value is non-NULL. In particular, we create a new function
__crypto_dequeue_request that does the pointer conversion.
Reported-by: Brad Bosch <bradbosch@comcast.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | crypto/algapi.c | 11 | ||||
-rw-r--r-- | include/crypto/algapi.h | 1 | ||||
-rw-r--r-- | include/crypto/internal/skcipher.h | 4 |
3 files changed, 12 insertions, 4 deletions
diff --git a/crypto/algapi.c b/crypto/algapi.c index 56c62e2858d5..df0863d56995 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c | |||
@@ -692,7 +692,7 @@ out: | |||
692 | } | 692 | } |
693 | EXPORT_SYMBOL_GPL(crypto_enqueue_request); | 693 | EXPORT_SYMBOL_GPL(crypto_enqueue_request); |
694 | 694 | ||
695 | struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue) | 695 | void *__crypto_dequeue_request(struct crypto_queue *queue, unsigned int offset) |
696 | { | 696 | { |
697 | struct list_head *request; | 697 | struct list_head *request; |
698 | 698 | ||
@@ -707,7 +707,14 @@ struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue) | |||
707 | request = queue->list.next; | 707 | request = queue->list.next; |
708 | list_del(request); | 708 | list_del(request); |
709 | 709 | ||
710 | return list_entry(request, struct crypto_async_request, list); | 710 | return (char *)list_entry(request, struct crypto_async_request, list) - |
711 | offset; | ||
712 | } | ||
713 | EXPORT_SYMBOL_GPL(__crypto_dequeue_request); | ||
714 | |||
715 | struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue) | ||
716 | { | ||
717 | return __crypto_dequeue_request(queue, 0); | ||
711 | } | 718 | } |
712 | EXPORT_SYMBOL_GPL(crypto_dequeue_request); | 719 | EXPORT_SYMBOL_GPL(crypto_dequeue_request); |
713 | 720 | ||
diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index 010545436efa..5a2bd1cc9656 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h | |||
@@ -137,6 +137,7 @@ struct crypto_instance *crypto_alloc_instance(const char *name, | |||
137 | void crypto_init_queue(struct crypto_queue *queue, unsigned int max_qlen); | 137 | void crypto_init_queue(struct crypto_queue *queue, unsigned int max_qlen); |
138 | int crypto_enqueue_request(struct crypto_queue *queue, | 138 | int crypto_enqueue_request(struct crypto_queue *queue, |
139 | struct crypto_async_request *request); | 139 | struct crypto_async_request *request); |
140 | void *__crypto_dequeue_request(struct crypto_queue *queue, unsigned int offset); | ||
140 | struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue); | 141 | struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue); |
141 | int crypto_tfm_in_queue(struct crypto_queue *queue, struct crypto_tfm *tfm); | 142 | int crypto_tfm_in_queue(struct crypto_queue *queue, struct crypto_tfm *tfm); |
142 | 143 | ||
diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h index 2ba42cd7d6aa..3a748a6bf772 100644 --- a/include/crypto/internal/skcipher.h +++ b/include/crypto/internal/skcipher.h | |||
@@ -79,8 +79,8 @@ static inline int skcipher_enqueue_givcrypt( | |||
79 | static inline struct skcipher_givcrypt_request *skcipher_dequeue_givcrypt( | 79 | static inline struct skcipher_givcrypt_request *skcipher_dequeue_givcrypt( |
80 | struct crypto_queue *queue) | 80 | struct crypto_queue *queue) |
81 | { | 81 | { |
82 | return container_of(ablkcipher_dequeue_request(queue), | 82 | return __crypto_dequeue_request( |
83 | struct skcipher_givcrypt_request, creq); | 83 | queue, offsetof(struct skcipher_givcrypt_request, creq.base)); |
84 | } | 84 | } |
85 | 85 | ||
86 | static inline void *skcipher_givcrypt_reqctx( | 86 | static inline void *skcipher_givcrypt_reqctx( |