From: Herbert Xu Date: Mon, 21 Nov 2016 07:34:00 +0000 (+0800) Subject: crypto: algif_hash - Fix result clobbering in recvmsg X-Git-Tag: v4.14-rc1~1976^2~10 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8acf7a106326eb94e143552de81f34308149121c;p=platform%2Fkernel%2Flinux-rpi.git crypto: algif_hash - Fix result clobbering in recvmsg Recently an init call was added to hash_recvmsg so as to reset the hash state in case a sendmsg call was never made. Unfortunately this ended up clobbering the result if the previous sendmsg was done with a MSG_MORE flag. This patch fixes it by excluding that case when we make the init call. Fixes: a8348bca2944 ("algif_hash - Fix NULL hash crash with shash") Reported-by: Patrick Steinhardt Signed-off-by: Herbert Xu --- diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c index 05e21b4..d19b09c 100644 --- a/crypto/algif_hash.c +++ b/crypto/algif_hash.c @@ -214,7 +214,7 @@ static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0); - if (!result) { + if (!result && !ctx->more) { err = af_alg_wait_for_completion( crypto_ahash_init(&ctx->req), &ctx->completion);