On Wed, Jun 22, 2016 at 08:29:37PM +0200, Mathias Krause wrote: > Commit 9aa867e46565 ("crypto: user - Add CRYPTO_MSG_DELRNG") > accidentally removed the minimum size check for CRYPTO_MSG_GETALG > netlink messages. This allows userland to send a truncated > CRYPTO_MSG_GETALG message as short as a netlink header only making > crypto_report() operate on uninitialized memory by accessing data > beyond the end of the netlink message. > > Fix this be re-adding the minimum required size of CRYPTO_MSG_GETALG > messages to the crypto_msg_min[] array. > > Fixes: 9aa867e46565 ("crypto: user - Add CRYPTO_MSG_DELRNG") > Cc: stable@xxxxxxxxxxxxxxx # v4.2 > Signed-off-by: Mathias Krause <minipli@xxxxxxxxxxxxxx> > Cc: Steffen Klassert <steffen.klassert@xxxxxxxxxxx> > --- > This should go on top of crypto-2.6/master. Patch applied to crypto. Thanks! -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html