If a read(2) of less than a full block size is attempted we will end up doing a zero-length operation. This patch makes that return -EINVAL instead, which is what we did originally. Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory...") Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c index 4c3bdffe0c3a5..24dd2fc2431cc 100644 --- a/crypto/algif_skcipher.c +++ b/crypto/algif_skcipher.c @@ -85,6 +85,10 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg, if (ctx->more || len < ctx->used) len -= len % bs; + err = -EINVAL; + if (!len) + goto free; + /* * Create a per request TX SGL for this request which tracks the * SG entries from the global TX SGL. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt