With AF_ALG, AAD len and cryptlen can be set freely by unprivileged user space. The cipher implementation must therefore validate the input data for sanity. For AEAD ciphers, this implies that cryptlen must be at least as large as AAD size. This fixes a kernel crash that can be triggered via AF_ALG detected by the fuzzing test implemented with libkcapi. CC: <stable@xxxxxxxxxxxxxxx> CC: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx> --- crypto/authenc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/authenc.c b/crypto/authenc.c index 875470b0e026..21e202fc32c1 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -209,6 +209,9 @@ static int crypto_authenc_encrypt(struct aead_request *req) struct scatterlist *src, *dst; int err; + if (req->assoclen > cryptlen) + return -EINVAL; + src = scatterwalk_ffwd(areq_ctx->src, req->src, req->assoclen); dst = src; -- 2.13.5