In case the user provided insufficient data, the code may return
prematurely without any operation. In this case, the processed
data indicated with outlen is zero.

Reported-by: Stephen Rothwell <s...@canb.auug.org.au>
Signed-off-by: Stephan Mueller <smuel...@chronox.de>
---
 crypto/algif_aead.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index 2fbf239..e9c0993 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -420,7 +420,7 @@ static int aead_recvmsg_async(struct socket *sock, struct 
msghdr *msg,
        unsigned int i, reqlen = GET_REQ_SIZE(tfm);
        int err = -ENOMEM;
        unsigned long used;
-       size_t outlen;
+       size_t outlen = 0;
        size_t usedpages = 0;
 
        lock_sock(sk);
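Review bot: the commit message does not say which early-return path in aead_recvmsg_async() reads outlen before it is assigned, so the `size_t outlen = 0;` initializer cannot be checked against the lines shown here. Please name that exit path in the message and state what the caller sees on it, since `err` starts as -ENOMEM and a zero outlen only matters if that path ends up reporting a processed length. Initializing at the declaration also stops the compiler from warning about any later path that forgets to set outlen; assigning zero at the specific early exit would keep that diagnostic. A Fixes: tag pointing at the commit that introduced the early return would help anyone carrying this change to other trees.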
-- 
2.9.3

