[B,C,SRU,0/1] crypto: authenc - fix parsing key with misaligned rta_len

Message ID 20190523050930.11389-1-po-hsu.lin@canonical.com
Series crypto: authenc - fix parsing key with misaligned rta_len

Message

Po-Hsu Lin May 23, 2019, 5:09 a.m. UTC
BugLink: https://bugs.launchpad.net/bugs/1829725

== Justification ==
From the commit message:
Keys for "authenc" AEADs are formatted as an rtattr containing a 4-byte
'enckeylen', followed by an authentication key and an encryption key.
crypto_authenc_extractkeys() parses the key to find the inner keys.

However, it fails to consider the case where the rtattr's payload is
longer than 4 bytes but not 4-byte aligned, and where the key ends
before the next 4-byte aligned boundary.  In this case, 'keylen -=
RTA_ALIGN(rta->rta_len);' underflows to a value near UINT_MAX.  This
causes a buffer overread and crash during crypto_ahash_setkey().

This error can be easily reproduced with the af_alg06 test in LTP test
suite. (Basically it's the reproducer in the commit message)

== Fix ==
8f9c4693 (crypto: authenc - fix parsing key with misaligned rta_len)
This patch can be cherry-picked into B/C, and it's already in X/D/E.

== Test ==
Test kernels could be found here:
https://people.canonical.com/~phlin/kernel/lp-1829725-afalg06/

Both verified on a KVM node, this issue will no longer exist.

== Regression potential ==
Low, this patch just improves the checking for rtattr payload size to
make sure it's the expected size. Also, it has been upstream since 2018
Dec. and applied in some of our kernels. No subsequent bug report was
filed against it.



Eric Biggers (1):
  crypto: authenc - fix parsing key with misaligned rta_len

 crypto/authenc.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
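
The length arithmetic described in the Justification above, as an added userspace model (not the kernel's code and not part of the original thread). `struct rta_hdr`, `authenc_remaining()`, `try_key()` and the `KEYA_PARAM` value are assumptions made for illustration; the `fixed` branch models the stricter payload-size check the cover letter describes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-ins for struct rtattr, RTA_ALIGN and the authenc param. */
struct rta_hdr { uint16_t rta_len, rta_type; };
#define HDRLEN     4u                      /* sizeof(struct rtattr) */
#define PARAM_LEN  4u                      /* the 4-byte 'enckeylen' */
#define KEYA_PARAM 1u                      /* assumed type tag for the param */
#define ALIGN4(n)  (((n) + 3u) & ~3u)

/* Bytes the parser believes are left for the two inner keys, or -1 if it
 * rejects the blob. fixed=0 models the old check, fixed=1 the stricter one. */
long long authenc_remaining(const uint8_t *key, unsigned int keylen, int fixed)
{
    struct rta_hdr h;
    unsigned int payload;

    if (keylen < HDRLEN)
        return -1;
    memcpy(&h, key, sizeof(h));
    if (h.rta_len < HDRLEN || h.rta_len > keylen || h.rta_type != KEYA_PARAM)
        return -1;                         /* RTA_OK-style bounds check */
    payload = h.rta_len - HDRLEN;
    if (fixed)                             /* payload must be exactly 4 bytes */
        return payload == PARAM_LEN ? (long long)(keylen - h.rta_len) : -1;
    if (payload < PARAM_LEN)               /* old check: "at least" 4 bytes */
        return -1;
    /* unsigned subtraction wraps when the aligned length exceeds keylen */
    return (long long)(keylen - ALIGN4(h.rta_len));
}

/* Constructed sample: zeroed keylen-byte blob whose header claims rta_len. */
long long try_key(uint16_t rta_len, unsigned int keylen, int fixed)
{
    uint8_t buf[64] = {0};
    struct rta_hdr h = { rta_len, KEYA_PARAM };

    if (keylen > sizeof(buf))
        return -1;
    memcpy(buf, &h, sizeof(h));
    return authenc_remaining(buf, keylen, fixed);
}

int main(void)
{
    printf("old:   %lld\n", try_key(9, 9, 0));
    printf("fixed: %lld\n", try_key(9, 9, 1));
    return 0;
}
```

With a 9-byte blob whose header claims `rta_len` 9, the old path reports a remaining length near UINT_MAX, while the stricter check rejects the blob before any subtraction happens.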

Comments

Khalid Elmously May 29, 2019, 4:50 a.m. UTC | #1
On 2019-05-23 13:09:29 , Po-Hsu Lin wrote:
> BugLink: https://bugs.launchpad.net/bugs/1829725
> 
> == Justification ==
> From the commit message:
> Keys for "authenc" AEADs are formatted as an rtattr containing a 4-byte
> 'enckeylen', followed by an authentication key and an encryption key.
> crypto_authenc_extractkeys() parses the key to find the inner keys.
> 
> However, it fails to consider the case where the rtattr's payload is
> longer than 4 bytes but not 4-byte aligned, and where the key ends
> before the next 4-byte aligned boundary.  In this case, 'keylen -=
> RTA_ALIGN(rta->rta_len);' underflows to a value near UINT_MAX.  This
> causes a buffer overread and crash during crypto_ahash_setkey().
> 
> This error can be easily reproduced with the af_alg06 test in LTP test
> suite. (Basically it's the reproducer in the commit message)
> 
> == Fix ==
> 8f9c4693 (crypto: authenc - fix parsing key with misaligned rta_len)
> This patch can be cherry-picked into B/C, and it's already in X/D/E.
> 
> == Test ==
> Test kernels could be found here:
> https://people.canonical.com/~phlin/kernel/lp-1829725-afalg06/
> 
> Both verified on a KVM node, this issue will no longer exist.
> 
> == Regression potential ==
> Low, this patch just improves the checking for rtattr payload size to
> make sure it's the expected size. Also, it has been upstream since 2018
> Dec. and applied in some of our kernels. No subsequent bug report was
> filed against it.
> 
> 
> 
> Eric Biggers (1):
>   crypto: authenc - fix parsing key with misaligned rta_len
> 
>  crypto/authenc.c | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
>

Acked-by: Khalid Elmously <khalid.elmously@canonical.com>

Connor Kuehl May 31, 2019, 3:42 p.m. UTC | #2
On 5/22/19 10:09 PM, Po-Hsu Lin wrote:
> BugLink: https://bugs.launchpad.net/bugs/1829725
> 
> == Justification ==
> From the commit message:
> Keys for "authenc" AEADs are formatted as an rtattr containing a 4-byte
> 'enckeylen', followed by an authentication key and an encryption key.
> crypto_authenc_extractkeys() parses the key to find the inner keys.
> 
> However, it fails to consider the case where the rtattr's payload is
> longer than 4 bytes but not 4-byte aligned, and where the key ends
> before the next 4-byte aligned boundary.  In this case, 'keylen -=
> RTA_ALIGN(rta->rta_len);' underflows to a value near UINT_MAX.  This
> causes a buffer overread and crash during crypto_ahash_setkey().
> 
> This error can be easily reproduced with the af_alg06 test in LTP test
> suite. (Basically it's the reproducer in the commit message)
> 
> == Fix ==
> 8f9c4693 (crypto: authenc - fix parsing key with misaligned rta_len)
> This patch can be cherry-picked into B/C, and it's already in X/D/E.
> 
> == Test ==
> Test kernels could be found here:
> https://people.canonical.com/~phlin/kernel/lp-1829725-afalg06/
> 
> Both verified on a KVM node, this issue will no longer exist.
> 
> == Regression potential ==
> Low, this patch just improves the checking for rtattr payload size to
> make sure it's the expected size. Also, it has been upstream since 2018
> Dec. and applied in some of our kernels. No subsequent bug report was
> filed against it.
> 
> 
> 
> Eric Biggers (1):
>   crypto: authenc - fix parsing key with misaligned rta_len
> 
>  crypto/authenc.c | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 

Acked-by: Connor Kuehl <connor.kuehl@canonical.com>

Kleber Sacilotto de Souza June 5, 2019, 3:46 p.m. UTC | #3
On 5/23/19 7:09 AM, Po-Hsu Lin wrote:
> BugLink: https://bugs.launchpad.net/bugs/1829725
> 
> == Justification ==
> From the commit message:
> Keys for "authenc" AEADs are formatted as an rtattr containing a 4-byte
> 'enckeylen', followed by an authentication key and an encryption key.
> crypto_authenc_extractkeys() parses the key to find the inner keys.
> 
> However, it fails to consider the case where the rtattr's payload is
> longer than 4 bytes but not 4-byte aligned, and where the key ends
> before the next 4-byte aligned boundary.  In this case, 'keylen -=
> RTA_ALIGN(rta->rta_len);' underflows to a value near UINT_MAX.  This
> causes a buffer overread and crash during crypto_ahash_setkey().
> 
> This error can be easily reproduced with the af_alg06 test in LTP test
> suite. (Basically it's the reproducer in the commit message)
> 
> == Fix ==
> 8f9c4693 (crypto: authenc - fix parsing key with misaligned rta_len)
> This patch can be cherry-picked into B/C, and it's already in X/D/E.
> 
> == Test ==
> Test kernels could be found here:
> https://people.canonical.com/~phlin/kernel/lp-1829725-afalg06/
> 
> Both verified on a KVM node, this issue will no longer exist.
> 
> == Regression potential ==
> Low, this patch just improves the checking for rtattr payload size to
> make sure it's the expected size. Also, it has been upstream since 2018
> Dec. and applied in some of our kernels. No subsequent bug report was
> filed against it.
> 
> 
> 
> Eric Biggers (1):
>   crypto: authenc - fix parsing key with misaligned rta_len
> 
>  crypto/authenc.c | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 

Applied to {bionic,cosmic}/master-next branch.

Thanks,
Kleber