From 65493c1a72e53b8655c306c0c244a67e4ead9ce2 Mon Sep 17 00:00:00 2001
From: Chris Wright <chrisw@osdl.org>
Date: Tue, 6 Sep 2005 16:23:28 -0700
Subject: [PATCH] Add ipsec oops fix from Herbert.

---
 queue/ipsec-oops-fix.patch | 76 ++++++++++++++++++++++++++++++++++++++
 queue/series               |  1 +
 2 files changed, 77 insertions(+)
 create mode 100644 queue/ipsec-oops-fix.patch

diff --git a/queue/ipsec-oops-fix.patch b/queue/ipsec-oops-fix.patch
new file mode 100644
index 00000000000..de5d12f0372
--- /dev/null
+++ b/queue/ipsec-oops-fix.patch
@@ -0,0 +1,76 @@
+From stable-bounces@linux.kernel.org  Tue Sep  6 15:08:49 2005
+To: Krzysztof Oledzki <olel@ans.pl>
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: stable@kernel.org, "David S. Miller" <davem@davemloft.net>
+Subject: [CRYPTO] Fix boundary check in standard multi-block cipher processors
+
+[CRYPTO] Fix boundary check in standard multi-block cipher processors
+
+The boundary check in the standard multi-block cipher processors are
+broken when nbytes is not a multiple of bsize.  In those cases it will
+always process an extra block.
+
+This patch corrects the check so that it processes at most nbytes of data.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+ crypto/cipher.c |   12 +++++++++---
+ 1 files changed, 9 insertions(+), 3 deletions(-)
+
+Index: linux-2.6.13.y/crypto/cipher.c
+===================================================================
+--- linux-2.6.13.y.orig/crypto/cipher.c
++++ linux-2.6.13.y/crypto/cipher.c
+@@ -191,6 +191,8 @@ static unsigned int cbc_process_encrypt(
+ 	u8 *iv = desc->info;
+ 	unsigned int done = 0;
+ 
++	nbytes -= bsize;
++
+ 	do {
+ 		xor(iv, src);
+ 		fn(crypto_tfm_ctx(tfm), dst, iv);
+@@ -198,7 +200,7 @@ static unsigned int cbc_process_encrypt(
+ 
+ 		src += bsize;
+ 		dst += bsize;
+-	} while ((done += bsize) < nbytes);
++	} while ((done += bsize) <= nbytes);
+ 
+ 	return done;
+ }
+@@ -219,6 +221,8 @@ static unsigned int cbc_process_decrypt(
+ 	u8 *iv = desc->info;
+ 	unsigned int done = 0;
+ 
++	nbytes -= bsize;
++
+ 	do {
+ 		u8 *tmp_dst = *dst_p;
+ 
+@@ -230,7 +234,7 @@ static unsigned int cbc_process_decrypt(
+ 
+ 		src += bsize;
+ 		dst += bsize;
+-	} while ((done += bsize) < nbytes);
++	} while ((done += bsize) <= nbytes);
+ 
+ 	return done;
+ }
+@@ -243,12 +247,14 @@ static unsigned int ecb_process(const st
+ 	void (*fn)(void *, u8 *, const u8 *) = desc->crfn;
+ 	unsigned int done = 0;
+ 
++	nbytes -= bsize;
++
+ 	do {
+ 		fn(crypto_tfm_ctx(tfm), dst, src);
+ 
+ 		src += bsize;
+ 		dst += bsize;
+-	} while ((done += bsize) < nbytes);
++	} while ((done += bsize) <= nbytes);
+ 
+ 	return done;
+ }
diff --git a/queue/series b/queue/series
index 8624c914497..902b496780f 100644
--- a/queue/series
+++ b/queue/series
@@ -4,3 +4,4 @@ fix-sk_forward_alloc-underflow-in-tcp_sendmsg.patch
 fix-pci-rom-mapping.patch
 pci_assign_unassigned_resources-update.patch
 fix-socket-filter-regression.patch
+ipsec-oops-fix.patch
-- 
2.47.3