Am Donnerstag, 7. September 2017, 08:01:08 CEST schrieb Herbert Xu: Hi Herbert, > On Thu, Sep 07, 2017 at 07:48:53AM +0200, Stephan Müller wrote: > > There is already such check: > > > > static inline int crypto_aead_decrypt(struct aead_request *req) > > { > > > > struct crypto_aead *aead = crypto_aead_reqtfm(req); > > > > if (req->cryptlen < crypto_aead_authsize(aead)) > > > > return -EINVAL; > > > > ... > > That doesn't check assoclen, does it? Right, I mixed up the tag and the AAD, sorry for that. > > > > Perhaps we can simply > > > truncate assoclen in aead_request_set_ad. > > > > I am not sure that would work because at the time we set the AAD len, we > > may not yet have cryptlen. I.e. aead_request_set_ad may be called before > > aead_request_set_crypt. > > We can add the truncation in both places. I sill send a new patch -- shall I first send it excluding stable so that we can review it before bothering the stable folks? > > Cheers, Ciao Stephan