On Fri, Jan 08, 2016 at 02:55:14PM -0600, Tom Lendacky wrote: > > AF_ALG hash supports the accept() call to allow for partial hash states > to be cloned. If an accept() is issued against a socket before ever > doing a send(), crypto_ahash_init() will never have been called for the > original socket. The hash_accept function in algif_hash will call > crypto_ahash_export() which will return an uninitialized request context > and then use that for import into the new socket. A problem arises here > because hash_accept sets the 'more' bit of the new context to 1 > (ctx2->more = 1). This will cause the first send() call for the new > socket to skip calling crypto_ahash_init() which can result in an > error or oops because the request context for the cloned socket was > never initialized. > > Is it assumed that the accept() call should only ever be made after > having issued at least one send()? Should the ctx2->more value be the > value from the original context so that crypto_ahash_init() is called > when needed? I thought we've already fixed this bug with commit 4afa5f9617927453ac04b24b584f6c718dfb4f45 Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Date: Sun Nov 1 17:11:19 2015 +0800 crypto: algif_hash - Only export and import on sockets with data Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html