From 15539de5c958d4943cc2f2f35f7e313bff5922b6 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Mon, 22 Jun 2015 10:14:19 +0800 Subject: [PATCH] crypto: af_alg - Forbid the use internal algorithms The bit CRYPTO_ALG_INTERNAL was added to stop af_alg from accessing internal algorithms. However, af_alg itself was never modified to actually stop that bit from being used by the user. Therefore the user could always override it by specifying the relevant bit in the type and/or mask. This patch silently discards the bit in both type and mask. Signed-off-by: Herbert Xu --- crypto/af_alg.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crypto/af_alg.c b/crypto/af_alg.c index f22cc56fd1b3..2bc180e02115 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -127,6 +127,7 @@ EXPORT_SYMBOL_GPL(af_alg_release); static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) { + const u32 forbidden = CRYPTO_ALG_INTERNAL; struct sock *sk = sock->sk; struct alg_sock *ask = alg_sk(sk); struct sockaddr_alg *sa = (void *)uaddr; @@ -151,7 +152,9 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) if (IS_ERR(type)) return PTR_ERR(type); - private = type->bind(sa->salg_name, sa->salg_feat, sa->salg_mask); + private = type->bind(sa->salg_name, + sa->salg_feat & ~forbidden, + sa->salg_mask & ~forbidden); if (IS_ERR(private)) { module_put(type->owner); return PTR_ERR(private); -- 2.20.1