Add ipsec oops fix from Herbert.

diff --git a/queue/ipsec-oops-fix.patch b/queue/ipsec-oops-fix.patch
new file mode 100644 (file)
index 0000000..de5d12f
--- /dev/null
+++ b/queue/ipsec-oops-fix.patch
@@ -0,0 +1,76 @@
+From stable-bounces@linux.kernel.org  Tue Sep  6 15:08:49 2005
+To: Krzysztof Oledzki <olel@ans.pl>
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: stable@kernel.org, "David S. Miller" <davem@davemloft.net>
+Subject: [CRYPTO] Fix boundary check in standard multi-block cipher processors
+
+[CRYPTO] Fix boundary check in standard multi-block cipher processors
+
+The boundary check in the standard multi-block cipher processors are
+broken when nbytes is not a multiple of bsize.  In those cases it will
+always process an extra block.
+
+This patch corrects the check so that it processes at most nbytes of data.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+ crypto/cipher.c |   12 +++++++++---
+ 1 files changed, 9 insertions(+), 3 deletions(-)
+
+Index: linux-2.6.13.y/crypto/cipher.c
+===================================================================
+--- linux-2.6.13.y.orig/crypto/cipher.c
++++ linux-2.6.13.y/crypto/cipher.c
+@@ -191,6 +191,8 @@ static unsigned int cbc_process_encrypt(
+       u8 *iv = desc->info;
+       unsigned int done = 0;
+ 
++      nbytes -= bsize;
++
+       do {
+               xor(iv, src);
+               fn(crypto_tfm_ctx(tfm), dst, iv);
+@@ -198,7 +200,7 @@ static unsigned int cbc_process_encrypt(
+ 
+               src += bsize;
+               dst += bsize;
+-      } while ((done += bsize) < nbytes);
++      } while ((done += bsize) <= nbytes);
+ 
+       return done;
+ }
+@@ -219,6 +221,8 @@ static unsigned int cbc_process_decrypt(
+       u8 *iv = desc->info;
+       unsigned int done = 0;
+ 
++      nbytes -= bsize;
++
+       do {
+               u8 *tmp_dst = *dst_p;
+ 
+@@ -230,7 +234,7 @@ static unsigned int cbc_process_decrypt(
+ 
+               src += bsize;
+               dst += bsize;
+-      } while ((done += bsize) < nbytes);
++      } while ((done += bsize) <= nbytes);
+ 
+       return done;
+ }
+@@ -243,12 +247,14 @@ static unsigned int ecb_process(const st
+       void (*fn)(void *, u8 *, const u8 *) = desc->crfn;
+       unsigned int done = 0;
+ 
++      nbytes -= bsize;
++
+       do {
+               fn(crypto_tfm_ctx(tfm), dst, src);
+ 
+               src += bsize;
+               dst += bsize;
+-      } while ((done += bsize) < nbytes);
++      } while ((done += bsize) <= nbytes);
+ 
+       return done;
+ }

diff --git a/queue/series b/queue/series
index 8624c9144973272c5f2251dc9becd08623a503ca..902b496780fc94c9c79436eddfc555e1fee56d85 100644 (file)
--- a/queue/series
+++ b/queue/series
@@ -4,3 +4,4 @@ fix-sk_forward_alloc-underflow-in-tcp_sendmsg.patch
 fix-pci-rom-mapping.patch
 pci_assign_unassigned_resources-update.patch
 fix-socket-filter-regression.patch
+ipsec-oops-fix.patch