This push fixes a buffer overflow regression in shash.

-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEn51F/lCuNhUwmDeSxycdCkmxi6cFAmg1UWcACgkQxycdCkmx i6fBeA/+KTcDt3AqJl5aU867J4XLrL05YLKGFM598lTYqZSgf3P0gl3upjTWdu8P FAsc1EQqd39OMNlLsCgYaIvAZLP3c272qyvFDr0tAmaUjj0AkvBv0GMIYqxOE2Ei faP2JTfdEY2TQ36m701t6uZ4bEpvhvP2ETpRouwbGGBOQjaciknyho9+mwCGi9UA 54f7THKSw+gHl7Sd6ruYMihJTNItx863kx7IIvOFjiR/13xJOmyp03hU/hqKMHYP x5kIu4C1TcT8xzfvEl/9Xu5F7dpJj9N0Js0Foat4/rHetmAbVT1eKosKZmnX7jg9 SfXRIbmWO0kaGk8b0x2jKj4d6HWjoIeUsXo8LanJ8XNGqeDQGY5tP1tOlQuCLCwa 3+FlkuN08g+Bkv/WK5hkVgMt+tu38ge/yEdIguNzgYejAaaU/o2yCGY4lS4gk1eC 6V0fjAKaZ6oIy+DFQnjmzOEPBw4DVhnjVZckUrxcboS46Ji2wHWy1GhWC45U32DM pm2Qn2lF35WtXEHNKGTCCJM5+3jvQ9SBAb7DWxDC8PL4OQBpHg7oUXrPk7UUzKSs UKOB6U3LoMA59HW/us3RGau1+2cOLXtIHc0/uTQlf/3s6LRF3SJeyO0mcCpga6+O 1JbpUXdCyDCD8kxOUqwAWFw3eA35Itj6xr21vfjW0diWjT8L4gM= =eecQ -----END PGP SIGNATURE----- Merge tag 'v6.16-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fix from Herbert Xu: "Fix a buffer overflow regression in shash" * tag 'v6.16-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: shash - Fix buffer overrun in import function
2026-03-08 03:44:45 +01:00 · 2025-05-28 14:43:00 -07:00 · 2025-05-28 14:43:00 -07:00 · 408aa67404
commit 408aa67404
parent 1cbf99e47f 0a84874c7e
1 changed files with 5 additions and 4 deletions
--- a/crypto/shash.c
+++ b/crypto/shash.c
@ -257,12 +257,13 @@ static int __crypto_shash_import(struct shash_desc *desc, const void *in,
 	if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
 		return -ENOKEY;

-	plen = crypto_shash_blocksize(tfm) + 1;
-	descsize = crypto_shash_descsize(tfm);
 	ss = crypto_shash_statesize(tfm);
-	buf[descsize - 1] = 0;
-	if (crypto_shash_block_only(tfm))
+	if (crypto_shash_block_only(tfm)) {
+		plen = crypto_shash_blocksize(tfm) + 1;
 		ss -= plen;
+		descsize = crypto_shash_descsize(tfm);
+		buf[descsize - 1] = 0;
+	}
 	if (!import) {
 		memcpy(buf, in, ss);
 		return 0;