On Wed, Dec 20, 2023 at 11:53:55PM +0800, Edward Adam Davis wrote:
> The space allocated to areq is not sufficient to access the member __ctx of
> struct skcipher_request, as the space occupied by struct arc4_ctx for reading
> is 1032 bytes, while the requested memory size in skcipher_recvmsg() is:
> sizeof(struct af_alg_async_req) + crypto_skcipher_reqsize(tfm) = 736 bytes,
> which does not include the memory required for __ctx of struct skcipher_request.
>
> Reported-by: syzbot+8ffb0839a24e9c6bfa76@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Edward Adam Davis <eadavis@xxxxxx>
> ---
>  crypto/algif_skcipher.c           | 10 +++++++---
>  crypto/skcipher.c                 |  1 -
>  include/crypto/internal/skcipher.h |  1 +
>  3 files changed, 8 insertions(+), 4 deletions(-)

I see where the real bug is. The statesize is not being passed along by ecb so that's why we end up with no memory.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt