From: Stephan Mueller <smueller@chronox.de>
Date: Sat, 7 Jul 2018 18:41:47 +0000 (+0200)
Subject: crypto: af_alg - Initialize sg_num_bytes in error code path
X-Git-Tag: v4.14.57~37
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c4bfed85bae8eba6cce22f9b9cce530720527411;p=platform%2Fkernel%2Flinux-exynos.git

crypto: af_alg - Initialize sg_num_bytes in error code path

commit 2546da99212f22034aecf279da9c47cbfac6c981 upstream.

The RX SGL in processing is already registered with the RX SGL tracking
list to support proper cleanup. The cleanup code path uses the
sg_num_bytes variable which must therefore be always initialized, even
in the error code path.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Reported-by: syzbot+9c251bdd09f83b92ba95@syzkaller.appspotmail.com
#syz test: https://github.com/google/kmsan.git master
CC: <stable@vger.kernel.org> #4.14
Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management")
Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 815ee10..42dfdd1 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -1183,8 +1183,10 @@ int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags,
 
 		/* make one iovec available as scatterlist */
 		err = af_alg_make_sg(&rsgl->sgl, &msg->msg_iter, seglen);
-		if (err < 0)
+		if (err < 0) {
+			rsgl->sg_num_bytes = 0;
 			return err;
+		}
 
 		/* chain the new scatterlist with previous one */
 		if (areq->last_rsgl)