crypto: lrw - Fix out-of bounds access on counter overflow

[platform/kernel/linux-exynos.git] / crypto / lrw.c

diff --git a/crypto/lrw.c b/crypto/lrw.c
index fdba6dd..886f91f 100644 (file)
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -139,7 +139,12 @@ static inline int get_index128(be128 *block)
                return x + ffz(val);
        }
 
-       return x;
+       /*
+        * If we get here, then x == 128 and we are incrementing the counter
+        * from all ones to all zeros. This means we must return index 127, i.e.
+        * the one corresponding to key2*{ 1,...,1 }.
+        */
+       return 127;
 }
 
 static int post_crypt(struct skcipher_request *req)