crypto: shash - Fix buffer overrun in import function

herbertx · herbertx · commit 0a84874c7e7d · 2025-05-27T13:43:32.000+08:00
Only set the partial block length to zero if the algorithm is block-only. Otherwise the descriptor context could be empty, e.g., for digest_null. Reported-by: syzbot+4851c19615d35f0e4d68@syzkaller.appspotmail.com Fixes: 7650f82 ("crypto: shash - Handle partial blocks in API") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
diff --git a/crypto/shash.c b/crypto/shash.c
@@ -257,12 +257,13 @@ static int __crypto_shash_import(struct shash_desc *desc, const void *in,
 	if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
 		return -ENOKEY;
 
-	plen = crypto_shash_blocksize(tfm) + 1;
-	descsize = crypto_shash_descsize(tfm);
 	ss = crypto_shash_statesize(tfm);
-	buf[descsize - 1] = 0;
-	if (crypto_shash_block_only(tfm))
+	if (crypto_shash_block_only(tfm)) {
+		plen = crypto_shash_blocksize(tfm) + 1;
 		ss -= plen;
+		descsize = crypto_shash_descsize(tfm);
+		buf[descsize - 1] = 0;
+	}
 	if (!import) {
 		memcpy(buf, in, ss);
 		return 0;
