[CRYPTO] api: fix writting into unallocated memory in setkey_aligned

setkey_unaligned() commited in ca7c39385ce1a7b44894a4b225a4608624e90730
overwrites unallocated memory in the following memset() because
I used the wrong buffer length.

Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index 1c166b47b4cc5b5a627c9ab5a8821d7f4f482779..3dbb1cc6eab52f5eeba3767f52a6e8225c8d4173 100644 (file)
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -35,7 +35,7 @@ static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, unsign
        alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
        memcpy(alignbuffer, key, keylen);
        ret = cipher->setkey(tfm, alignbuffer, keylen);
-       memset(alignbuffer, 0, absize);
+       memset(alignbuffer, 0, keylen);
        kfree(buffer);
        return ret;
 }

diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index 40a3dcff15bb89a95ffc4377eb22dc1e24f46e6c..7755834b8846e450d53cac256032295ed7b88830 100644 (file)
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -352,7 +352,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, unsigned int
        alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
        memcpy(alignbuffer, key, keylen);
        ret = cipher->setkey(tfm, alignbuffer, keylen);
-       memset(alignbuffer, 0, absize);
+       memset(alignbuffer, 0, keylen);
        kfree(buffer);
        return ret;
 }

diff --git a/crypto/cipher.c b/crypto/cipher.c
index 0b2650c2014be315703365cd8e040d380c6d447b..fc6b46f2a9b0d495724f32113e18652498cf1035 100644 (file)
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -36,7 +36,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, unsigned int
        alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
        memcpy(alignbuffer, key, keylen);
        ret = cia->cia_setkey(tfm, alignbuffer, keylen);
-       memset(alignbuffer, 0, absize);
+       memset(alignbuffer, 0, keylen);
        kfree(buffer);
        return ret;
 

diff --git a/crypto/hash.c b/crypto/hash.c
index 4d75ca7b57b207fd2466b8adc03e0d42615150e7..4fd470bd729bef90bd9f606dbf43b9367f374165 100644 (file)
--- a/crypto/hash.c
+++ b/crypto/hash.c
@@ -40,7 +40,7 @@ static int hash_setkey_unaligned(struct crypto_hash *crt, const u8 *key,
        alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
        memcpy(alignbuffer, key, keylen);
        ret = alg->setkey(crt, alignbuffer, keylen);
-       memset(alignbuffer, 0, absize);
+       memset(alignbuffer, 0, keylen);
        kfree(buffer);
        return ret;
 }