crypto: algif_aead - Fix minimum RX size check for decryption

commit 3d14bd48e3a77091cbce637a12c2ae31b4a1687c upstream.

The check for the minimum receive buffer size did not take the
tag size into account during decryption.  Fix this by adding the
required extra length.

Reported-by: syzbot+aa11561819dc42ebbc7c@syzkaller.appspotmail.com
Reported-by: Daniel Pouzzner <douzzer@mega.nu>
Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index 24e77f4968a615b40880f3e3782b946bb1f17ef0..4a285994d106c9dd99da5426fa4abd8a4941bea1 100644 (file)
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -150,7 +150,7 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
        if (usedpages < outlen) {
                size_t less = outlen - usedpages;
 
-               if (used < less) {
+               if (used < less + (ctx->enc ? 0 : as)) {
                        err = -EINVAL;
                        goto free;
                }