git.baikalelectronics.ru Git - kernel.git/commit

author	Stephan Mueller <smueller@chronox.de>
	Wed, 29 Nov 2017 11:02:23 +0000 (12:02 +0100)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Mon, 11 Dec 2017 11:29:54 +0000 (22:29 +1100)
commit	931b8abddf3db04a0e2dcac17da9c12f9694b8eb
tree	dae6e140f8c759c9d966e7cb0e25b5c69f0dae7b	tree \| snapshot
parent	7cd77c826a14bb8e8ec604297d6306c8a74d8dee	commit \| diff

crypto: af_alg - wait for data at beginning of recvmsg

The wait for data is a non-atomic operation that can sleep and therefore
potentially release the socket lock. The release of the socket lock
allows another thread to modify the context data structure. The waiting
operation for new data therefore must be called at the beginning of
recvmsg. This prevents a race condition where checks of the members of
the context data structure are performed by recvmsg while there is a
potential for modification of these values.

Fixes: b20f04c9fab9 ("crypto: algif_skcipher - overhaul memory management")
Fixes: ba7dd698d9f6 ("crypto: algif_aead - overhaul memory management")
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: <stable@vger.kernel.org> # v4.14+
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto/af_alg.c		diff \| blob \| history
crypto/algif_aead.c		diff \| blob \| history
crypto/algif_skcipher.c		diff \| blob \| history