Skip to content

Commit 699aea3

Browse files
bmastbergenbmastbergen
committed
crypto: seqiv - Handle EBUSY correctly
jira VULN-155731 cve CVE-2023-53373 commit-author Herbert Xu <herbert@gondor.apana.org.au> commit 32e6202 As it is seqiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free. Fixes: 0a27032 ("[CRYPTO] seqiv: Add Sequence Number IV Generator") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 32e6202) Signed-off-by: Brett Mastbergen <bmastbergen@ciq.com>
1 parent 64e090c commit 699aea3

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

crypto/seqiv.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ static void seqiv_aead_complete2(struct aead_givcrypt_request *req, int err)
6060
struct aead_request *subreq = aead_givcrypt_reqctx(req);
6161
struct crypto_aead *geniv;
6262

63-
if (err == -EINPROGRESS)
63+
if (err == -EINPROGRESS || err == -EBUSY)
6464
return;
6565

6666
if (err)

0 commit comments

Comments
 (0)