crypto: algif_skcipher - sendmsg SG marking is off by one

[ Upstream commit 202736d9 ] We mark the end of the SG list in sendmsg and sendpage and unmark it on the next send call. Unfortunately the unmarking in sendmsg is off-by-one, leading to an SG list that is too short. Fixes: 0f477b65 ("crypto: algif - Mark sgl end at the end of data") Cc: stable@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>

crypto: algif_skcipher - sendmsg SG marking is off by one
[ Upstream commit 202736d9 ] We mark the end of the SG list in sendmsg and sendpage and unmark it on the next send call. Unfortunately the unmarking in sendmsg is off-by-one, leading to an SG list that is too short. Fixes: 0f477b65 ("crypto: algif - Mark sgl end at the end of data") Cc: stable@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
a9c56fd0 · Herbert Xu · Sasha Levin · 5446a444 · a9c56fd0
Commit a9c56fd0 authored Jan 19, 2016 by Herbert Xu Committed by Sasha Levin Feb 03, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

crypto/algif_skcipher.c crypto/algif_skcipher.c +2 -1

No files found.
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -387,7 +387,8 @@ static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg,

 		sgl = list_entry(ctx->tsgl.prev, struct skcipher_sg_list, list);
 		sg = sgl->sg;
-		sg_unmark_end(sg + sgl->cur);
+		if (sgl->cur)
+			sg_unmark_end(sg + sgl->cur - 1);
 		do {
 			i = sgl->cur;
 			plen = min_t(int, len, PAGE_SIZE);