[PATCH 4.4 17/32] crypto: user - re-add size check for CRYPTO_MSG_GETALG

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Mathias Krause <minipli@googlemail.com>,
	Steffen Klassert <steffen.klassert@secunet.com>,
	Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 4.4 17/32] crypto: user - re-add size check for CRYPTO_MSG_GETALG
Date: Wed,  6 Jul 2016 18:19:27 -0700	[thread overview]
Message-ID: <20160707011627.184004083@linuxfoundation.org> (raw)
In-Reply-To: <20160707011626.475554429@linuxfoundation.org>

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mathias Krause <minipli@googlemail.com>

commit 055ddaace03580455a7b7dbea8e93d62acee61fc upstream.

Commit 9aa867e46565 ("crypto: user - Add CRYPTO_MSG_DELRNG")
accidentally removed the minimum size check for CRYPTO_MSG_GETALG
netlink messages. This allows userland to send a truncated
CRYPTO_MSG_GETALG message as short as a netlink header only making
crypto_report() operate on uninitialized memory by accessing data
beyond the end of the netlink message.

Fix this be re-adding the minimum required size of CRYPTO_MSG_GETALG
messages to the crypto_msg_min[] array.

Fixes: 9aa867e46565 ("crypto: user - Add CRYPTO_MSG_DELRNG")
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/crypto_user.c |    1 +
 1 file changed, 1 insertion(+)

--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -455,6 +455,7 @@ static const int crypto_msg_min[CRYPTO_N
 	[CRYPTO_MSG_NEWALG	- CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
 	[CRYPTO_MSG_DELALG	- CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
 	[CRYPTO_MSG_UPDATEALG	- CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
+	[CRYPTO_MSG_GETALG	- CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
 	[CRYPTO_MSG_DELRNG	- CRYPTO_MSG_BASE] = 0,
 };

next prev parent reply	other threads:[~2016-07-07  1:20 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-07-07  1:19 [PATCH 4.4 00/32] 4.4.15-stable review Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 01/32] net_sched: fix pfifo_head_drop behavior vs backlog Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 02/32] net: Dont forget pr_fmt on net_dbg_ratelimited for CONFIG_DYNAMIC_DEBUG Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 03/32] sit: correct IP protocol used in ipip6_err Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 04/32] esp: Fix ESN generation under UDP encapsulation Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 05/32] netem: fix a use after free Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 06/32] ipmr/ip6mr: Initialize the last assert time of mfc entries Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 08/32] sock_diag: do not broadcast raw socket destruction Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 09/32] bpf, perf: delay release of BPF prog after grace period Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 10/32] neigh: Explicitly declare RCU-bh read side critical section in neigh_xmit() Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 11/32] net: macb: fix default configuration for GMAC on AT91 Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 12/32] net: alx: Work around the DMA RX overflow issue Greg Kroah-Hartman
2016-07-07  1:19   ` Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 13/32] bpf: try harder on clones when writing into skb Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 14/32] AX.25: Close socket connection on session completion Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 15/32] crypto: vmx - Increase priority of aes-cbc cipher Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 16/32] crypto: ux500 - memmove the right size Greg Kroah-Hartman
2016-07-07  1:19 ` Greg Kroah-Hartman [this message]
2016-07-07  1:19 ` [PATCH 4.4 18/32] USB: uas: Fix slave queue_depth not being set Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 19/32] usb: quirks: Fix sorting Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 20/32] usb: quirks: Add no-lpm quirk for Acer C120 LED Projector Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 21/32] usb: musb: only restore devctl when session was set in backup Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 22/32] usb: musb: Stop bulk endpoint while queue is rotated Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 23/32] usb: musb: Ensure rx reinit occurs for shared_fifo endpoints Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 24/32] usb: musb: host: correct cppi dma channel for isoch transfer Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 25/32] xhci: Cleanup only when releasing primary hcd Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 26/32] usb: xhci-plat: properly handle probe deferral for devm_clk_get() Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 27/32] USB: xhci: Add broken streams quirk for Frescologic device id 1009 Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 28/32] xhci: Fix handling timeouted commands on hosts in weird states Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 29/32] USB: mos7720: delete parport Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 30/32] usb: gadget: fix spinlock dead lock in gadgetfs Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 31/32] usb: host: ehci-tegra: Grab the correct UTMI pads reset Greg Kroah-Hartman
2016-07-07  1:19 ` [PATCH 4.4 32/32] usb: dwc3: exynos: Fix deferred probing storm Greg Kroah-Hartman
2016-07-07  8:08 ` [PATCH 4.4 00/32] 4.4.15-stable review Nikolay Borisov
2016-07-07 19:11   ` Greg Kroah-Hartman
2016-07-07 13:29 ` Guenter Roeck
2016-07-07 19:14   ` Greg Kroah-Hartman
2016-07-07 16:53 ` Kevin Hilman
2016-07-07 19:15   ` Greg Kroah-Hartman
2016-07-07 22:21     ` Kevin Hilman
2016-07-07 17:55 ` Kevin Hilman
2016-07-08  3:46 ` Shuah Khan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160707011627.184004083@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-kernel@vger.kernel.org \
    --cc=minipli@googlemail.com \
    --cc=stable@vger.kernel.org \
    --cc=steffen.klassert@secunet.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.