crypto: algif_aead - Fix minimum RX size check for decryption

The check for the minimum receive buffer size did not take the
tag size into account during decryption.  Fix this by adding the
required extra length.

Reported-by: syzbot+aa11561819dc42ebbc7c@syzkaller.appspotmail.com
Reported-by: Daniel Pouzzner <douzzer@mega.nu>
Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index dda15bb05e892dd3dde529495a3b8fe3fc29c119..f8bd45f7dc83929d20a4d2379ca7f44f77bb4769 100644 (file)
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -144,7 +144,7 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
        if (usedpages < outlen) {
                size_t less = outlen - usedpages;
 
-               if (used < less) {
+               if (used < less + (ctx->enc ? 0 : as)) {
                        err = -EINVAL;
                        goto free;
                }