setkey_unaligned() commited in ca7c39385ce1a7b44894a4b225a4608624e90730 overwrites unallocated memory in the following memset() because I used the wrong buffer length. Signed-off-by: Sebastian Siewior <sebastian@xxxxxxxxxxxxx> --- a/crypto/ablkcipher.c +++ b/crypto/ablkcipher.c @@ -35,7 +35,7 @@ static int setkey_unaligned(struct crypt alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); memcpy(alignbuffer, key, keylen); ret = cipher->setkey(tfm, alignbuffer, keylen); - memset(alignbuffer, 0, absize); + memset(alignbuffer, 0, keylen); kfree(buffer); return ret; } --- a/crypto/blkcipher.c +++ b/crypto/blkcipher.c @@ -352,7 +352,7 @@ static int setkey_unaligned(struct crypt alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); memcpy(alignbuffer, key, keylen); ret = cipher->setkey(tfm, alignbuffer, keylen); - memset(alignbuffer, 0, absize); + memset(alignbuffer, 0, keylen); kfree(buffer); return ret; } --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -36,7 +36,7 @@ static int setkey_unaligned(struct crypt alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); memcpy(alignbuffer, key, keylen); ret = cia->cia_setkey(tfm, alignbuffer, keylen); - memset(alignbuffer, 0, absize); + memset(alignbuffer, 0, keylen); kfree(buffer); return ret; --- a/crypto/hash.c +++ b/crypto/hash.c @@ -40,7 +40,7 @@ static int hash_setkey_unaligned(struct alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); memcpy(alignbuffer, key, keylen); ret = alg->setkey(crt, alignbuffer, keylen); - memset(alignbuffer, 0, absize); + memset(alignbuffer, 0, keylen); kfree(buffer); return ret; } - To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html