From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Tue, 28 Mar 2023 03:54:24 +0000 (+0800)
Subject: crypto: algif_hash - Allocate hash state with kmalloc
X-Git-Tag: v6.4-rc1~146^2~44
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=acc03d8908fdd8f24d5c0510a7c1767e176da4bc;p=thirdparty%2Fkernel%2Fstable.git

crypto: algif_hash - Allocate hash state with kmalloc

Allocating the hash state on the stack limits its size.  Change
this to use kmalloc so the limit can be removed for new drivers.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 1d017ec5c63c5..63af72e19fa8c 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -235,24 +235,31 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
 	struct alg_sock *ask = alg_sk(sk);
 	struct hash_ctx *ctx = ask->private;
 	struct ahash_request *req = &ctx->req;
-	char state[HASH_MAX_STATESIZE];
+	struct crypto_ahash *tfm;
 	struct sock *sk2;
 	struct alg_sock *ask2;
 	struct hash_ctx *ctx2;
+	char *state;
 	bool more;
 	int err;
 
+	tfm = crypto_ahash_reqtfm(req);
+	state = kmalloc(crypto_ahash_statesize(tfm), GFP_KERNEL);
+	err = -ENOMEM;
+	if (!state)
+		goto out;
+
 	lock_sock(sk);
 	more = ctx->more;
 	err = more ? crypto_ahash_export(req, state) : 0;
 	release_sock(sk);
 
 	if (err)
-		return err;
+		goto out_free_state;
 
 	err = af_alg_accept(ask->parent, newsock, kern);
 	if (err)
-		return err;
+		goto out_free_state;
 
 	sk2 = newsock->sk;
 	ask2 = alg_sk(sk2);
@@ -260,7 +267,7 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
 	ctx2->more = more;
 
 	if (!more)
-		return err;
+		goto out_free_state;
 
 	err = crypto_ahash_import(&ctx2->req, state);
 	if (err) {
@@ -268,6 +275,10 @@ static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
 		sock_put(sk2);
 	}
 
+out_free_state:
+	kfree_sensitive(state);
+
+out:
 	return err;
 }