-stable review patch.  If anyone has any objections, please let us know.
---------------------

From: Yehuda Sadeh <yehuda@hq.newdream.net>

upstream commit: f4f689933c63e0fbfba62f2a80efb2b424b139ae

When the total length is shorter than the calculated number of unaligned bytes, the call to shash->update breaks. For example, calling crc32c on unaligned buffer with length of 1 can result in a system crash.

Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
---

 crypto/shash.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -82,6 +82,9 @@ static int shash_update_unaligned(struct
 	u8 buf[shash_align_buffer_size(unaligned_len, alignmask)]
 		__attribute__ ((aligned));
 
+	if (unaligned_len > len)
+		unaligned_len = len;
+
 	memcpy(buf, data, unaligned_len);
 
 	return shash->update(desc, buf, unaligned_len) ?:

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/