From: Horia Geant? Date: Tue, 12 May 2015 08:28:05 +0000 (+0300) Subject: crypto: talitos - avoid out of bound scatterlist iterator X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=bde9079f3cd5e4275be2169cf7b0c74bfb464f78;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git crypto: talitos - avoid out of bound scatterlist iterator Check return value of scatterlist_sg_next(), i.e. don't rely solely on number of bytes to be processed or number of scatterlist entries. Signed-off-by: Horia Geanta Signed-off-by: Herbert Xu --- diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index 5f7c74d0afc3..ba5f68b987ab 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c @@ -1065,7 +1065,7 @@ static int sg_to_link_tbl(struct scatterlist *sg, int sg_count, { int n_sg = sg_count; - while (n_sg--) { + while (sg && n_sg--) { to_talitos_ptr(link_tbl_ptr, sg_dma_address(sg), 0); link_tbl_ptr->len = cpu_to_be16(sg_dma_len(sg)); link_tbl_ptr->j_extent = 0; @@ -1254,7 +1254,7 @@ static int sg_count(struct scatterlist *sg_list, int nbytes, bool *chained) int sg_nents = 0; *chained = false; - while (nbytes > 0) { + while (nbytes > 0 && sg) { sg_nents++; nbytes -= sg->length; if (!sg_is_last(sg) && (sg + 1)->length == 0)