[SRU][Q][PATCH v2 6/6] crypto: algif_aead - Fix minimum RX size check for decryption

[Massimiliano Pellizzer]

From: Herbert Xu <herbert at gondor.apana.org.au>

The check for the minimum receive buffer size did not take the
tag size into account during decryption.  Fix this by adding the
required extra length.

Reported-by: syzbot+aa11561819dc42ebbc7c at syzkaller.appspotmail.com
Reported-by: Daniel Pouzzner <douzzer at mega.nu>
Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
(cherry picked from commit 3d14bd48e3a77091cbce637a12c2ae31b4a1687c)
CVE-2026-31431
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com>
---
 crypto/algif_aead.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index c54693d18832..cb651ab58d62 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -150,7 +150,7 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
 	if (usedpages < outlen) {
 		size_t less = outlen - usedpages;
 
-		if (used < less) {
+		if (used < less + (ctx->enc ? 0 : as)) {
 			err = -EINVAL;
 			goto free;
 		}
-- 
2.53.0