crypto: af_alg - Forbid the use internal algorithms

The bit CRYPTO_ALG_INTERNAL was added to stop af_alg from accessing internal algorithms. However, af_alg itself was never modified to actually stop that bit from being used by the user. Therefore the user could always override it by specifying the relevant bit in the type and/or mask. This patch silently discards the bit in both type and mask. Signed-off-by: N Herbert Xu <herbert@gondor.apana.org.au>

crypto: af_alg - Forbid the use internal algorithms
The bit CRYPTO_ALG_INTERNAL was added to stop af_alg from accessing internal algorithms. However, af_alg itself was never modified to actually stop that bit from being used by the user. Therefore the user could always override it by specifying the relevant bit in the type and/or mask. This patch silently discards the bit in both type and mask. Signed-off-by: N Herbert Xu <herbert@gondor.apana.org.au>
15539de5 · Herbert Xu · 9fcc704d · 15539de5
隐藏空白更改
内联并排

Showing with 4 addition and 1 deletion

crypto/af_alg.c crypto/af_alg.c +4 -1

未找到文件。
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -127,6 +127,7 @@ EXPORT_SYMBOL_GPL(af_alg_release);
 static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 {
+	const u32 forbidden = CRYPTO_ALG_INTERNAL;
 	struct sock *sk = sock->sk;
 	struct alg_sock *ask = alg_sk(sk);
 	struct sockaddr_alg *sa = (void *)uaddr;
@@ -151,7 +152,9 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 	if (IS_ERR(type))
 		return PTR_ERR(type);
-	private = type->bind(sa->salg_name, sa->salg_feat, sa->salg_mask);
+	private = type->bind(sa->salg_name,
+			     sa->salg_feat & ~forbidden,
+			     sa->salg_mask & ~forbidden);
 	if (IS_ERR(private)) {
 		module_put(type->owner);
 		return PTR_ERR(private);