authorHerbert Xu <herbert@gondor.apana.org.au>2015-06-22 10:14:19 +0800
committerMister Oyster <oysterized@gmail.com>2017-12-14 13:50:26 +0100
commit2d5e3c9f473699ac70806800018e1fbc996121ad (patch)
treeec77a40bd4182223f92d4c1f9aa30277df43e3ac /crypto
parent86a089f9d5daa70415ba2dae64f46850898822a3 (diff)
crypto: af_alg - Forbid the use internal algorithms
The bit CRYPTO_ALG_INTERNAL was added to stop af_alg from accessing internal algorithms. However, af_alg itself was never modified to actually stop that bit from being used by the user. Therefore the user could always override it by specifying the relevant bit in the type and/or mask. This patch silently discards the bit in both type and mask. Change-Id: Ia07e574c69389da594155bfdf83f7937c55026c8 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/af_alg.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index dc3ddef69..5a790f446 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -155,6 +155,7 @@ EXPORT_SYMBOL_GPL(af_alg_release_parent);
static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
{
+ const u32 forbidden = CRYPTO_ALG_INTERNAL;
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
struct sockaddr_alg *sa = (void *)uaddr;
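Review bot: The new `forbidden` constant at the top of alg_bind() has no comment saying what it governs, so a later reader cannot tell it is the security boundary between user-supplied flags and the algorithm lookup. I would add `/* Algorithm flag bits an AF_ALG caller must not be able to set or match on via salg_feat/salg_mask. */` directly above the declaration. This gives anyone who introduces another kernel-only flag a clear place to extend. The function body continues outside this hunk.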
@@ -180,7 +181,9 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
if (IS_ERR(type))
return PTR_ERR(type);
- private = type->bind(sa->salg_name, sa->salg_feat, sa->salg_mask);
+ private = type->bind(sa->salg_name,
+ sa->salg_feat & ~forbidden,
+ sa->salg_mask & ~forbidden);
if (IS_ERR(private)) {
module_put(type->owner);
return PTR_ERR(private);
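Review bot: Clearing only `CRYPTO_ALG_INTERNAL` in the `type->bind()` call is a deny-list: every other bit the caller places in `sa->salg_feat` or `sa->salg_mask` still reaches the lookup unchanged. Any kernel-only flag introduced later is therefore exposed to userspace until someone remembers to extend `forbidden`. An allow-list fails closed instead, e.g. `sa->salg_feat & allowed` and `sa->salg_mask & allowed`, with `allowed` naming just the flags userspace is meant to select on. If an explicit error is preferred over silent masking, a check like `if ((sa->salg_feat | sa->salg_mask) & forbidden) return -EINVAL;` would presumably have to sit before the type lookup, since the `module_put(type->owner)` on the error path suggests a module reference is already held here. alg_bind() starts and ends outside this hunk.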