authorHerbert Xu <herbert@gondor.apana.org.au>2015-06-22 10:14:19 +0800
committerHerbert Xu <herbert@gondor.apana.org.au>2015-06-22 15:49:30 +0800
commit0af735c063b1d3f301664fd95ce77f40038098d9 (patch)
tree5ee035684d1efbadf026b46b70ea5b3961b084d9
parenta5da65199cc69ff13260292888c6d4644872e34a (diff)
downloadlinux-crypto-0af735c063b1d3f301664fd95ce77f40038098d9.tar.gz
linux-crypto-0af735c063b1d3f301664fd95ce77f40038098d9.zip
crypto: af_alg - Forbid the use internal algorithms
The bit CRYPTO_ALG_INTERNAL was added to stop af_alg from accessing internal algorithms. However, af_alg itself was never modified to actually stop that bit from being used by the user. Therefore the user could always override it by specifying the relevant bit in the type and/or mask. This patch silently discards the bit in both type and mask. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--crypto/af_alg.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index f22cc56f..2bc180e0 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -127,6 +127,7 @@ EXPORT_SYMBOL_GPL(af_alg_release);
static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
{
+ const u32 forbidden = CRYPTO_ALG_INTERNAL;
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
struct sockaddr_alg *sa = (void *)uaddr;
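Review bot: `forbidden` is declared as a one-bit denylist with no comment explaining its role, so any future flag that userspace must not control is blocked only if someone remembers to OR it in here. A short comment above the declaration would make the intent explicit, for example `/* flag bits userspace may never assert through salg_feat/salg_mask */`. An allowlist of the bits AF_ALG callers may legitimately pass would fail closed when new internal-only flags are introduced, which is the safer default for a user-reachable socket interface. alg_bind's body continues outside this hunk.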
@@ -151,7 +152,9 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
if (IS_ERR(type))
return PTR_ERR(type);
- private = type->bind(sa->salg_name, sa->salg_feat, sa->salg_mask);
+ private = type->bind(sa->salg_name,
+ sa->salg_feat & ~forbidden,
+ sa->salg_mask & ~forbidden);
if (IS_ERR(private)) {
module_put(type->owner);
return PTR_ERR(private);
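Review bot: Clearing CRYPTO_ALG_INTERNAL from both `sa->salg_feat` and `sa->salg_mask` only prevents the caller from asserting the bit. Whether internal algorithms are then actually excluded depends on how the lookup behind `type->bind()` treats a request that carries the bit in neither type nor mask, and that code is not visible in this hunk. A comment at the call site recording the assumption would keep the two in step, e.g. `/* relies on the core lookup rejecting INTERNAL algs when the bit is absent from type and mask */`. Because the bit is dropped rather than rejected, a caller that sets it gets no error and leaves no trace; if that is intended, the comment should say so. The function body continues past the end of the hunk.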