From: Ovidiu Panait <ovidiu.panait@xxxxxxxxxxxxx> Currently, it is possible to create duplicated /proc/crypto entries for the same algorithm with the following test program: """ #include <sys/socket.h> #include <linux/if_alg.h> int main(void) { struct sockaddr_alg sa = { .salg_family = AF_ALG, .salg_type = "skcipher", .salg_name = "xts(ecb(aes-generic))extra-bytes", }; int tfmfd; tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0); bind(tfmfd, (struct sockaddr *)&sa, sizeof(sa)); } """ When the alg name contains extra bogus characters after a valid template, the bind() call fails, but a duplicated entry is still registered (in this case xts(ecb(aes-generic))). To fix this, add a check in cryptomgr_schedule_probe() for trailing characters after a valid template. Signed-off-by: Ovidiu Panait <ovidiu.panait@xxxxxxxxxxxxx> --- crypto/algboss.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/crypto/algboss.c b/crypto/algboss.c index 0de1e6697949..8e8039b845a3 100644 --- a/crypto/algboss.c +++ b/crypto/algboss.c @@ -131,8 +131,12 @@ static int cryptomgr_schedule_probe(struct crypto_larval *larval) if (i >= CRYPTO_MAX_ATTRS) goto err_free_param; - if (*p == ')') + if (*p == ')') { + if (*++p) + goto err_free_param; + break; + } if (*p != ',') goto err_free_param; -- 2.34.1
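Review bot: in the new `if (*p == ')')` block, `if (*++p)` advances `p` as a side effect of the test, which makes the condition harder to read than it needs to be. If nothing after the `break` relies on `p` pointing past the closing parenthesis (the hunk does not show that code), `if (p[1])` states the intent without modifying the pointer. A one-line comment above the check saying that trailing characters after a complete template are rejected would also help, since that reason currently lives only in the commit message. The commit message carries no Fixes: tag, so it is not clear from the patch which releases have the duplicate-registration behaviour and need a backport.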
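A defender-side check for the symptom the commit message describes, as an added example that is not part of the original patch or the kernel tree: it parses text in /proc/crypto layout and reports any driver name listed more than once. The sample entries are constructed, and treating a repeated driver name of the same type as the duplicate is an assumption.

```python
from collections import defaultdict

# Constructed sample in /proc/crypto layout (not captured from a real system).
SAMPLE = """\
name         : xts(aes)
driver       : xts(ecb(aes-generic))
module       : kernel
priority     : 100
type         : skcipher

name         : aes
driver       : aes-generic
module       : kernel
priority     : 100
type         : cipher

name         : xts(aes)
driver       : xts(ecb(aes-generic))
module       : kernel
priority     : 100
type         : skcipher
"""


def parse_proc_crypto(text):
    """Split /proc/crypto text into one dict per blank-line-separated entry."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():          # a blank line ends the current entry
            if current:
                entries.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:                       # ignore lines without "key : value"
            current[key.strip()] = value.strip()
    if current:
        entries.append(current)
    return entries


def duplicate_drivers(entries):
    """Return {(driver, type): count} for drivers listed more than once."""
    counts = defaultdict(int)
    for e in entries:
        if "driver" in e:
            counts[(e["driver"], e.get("type", "?"))] += 1
    return {k: n for k, n in counts.items() if n > 1}


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for (drv, typ), n in sorted(duplicate_drivers(parse_proc_crypto(text)).items()):
        print(f"{n}x {drv} ({typ})")
```

Run it with `/proc/crypto` as the argument on a live system; with no argument it uses the constructed sample.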