From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Eric Biggers <ebiggers@google.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 4.4 047/104] crypto: authenc - fix parsing key with misaligned rta_len
Date: Thu, 24 Jan 2019 20:19:36 +0100 [thread overview]
Message-ID: <20190124190200.831578267@linuxfoundation.org> (raw)
In-Reply-To: <20190124190154.968308875@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Biggers <ebiggers@google.com>
commit 8f9c469348487844328e162db57112f7d347c49f upstream.
Keys for "authenc" AEADs are formatted as an rtattr containing a 4-byte
'enckeylen', followed by an authentication key and an encryption key.
crypto_authenc_extractkeys() parses the key to find the inner keys.
However, it fails to consider the case where the rtattr's payload is
longer than 4 bytes but not 4-byte aligned, and where the key ends
before the next 4-byte aligned boundary. In this case, 'keylen -=
RTA_ALIGN(rta->rta_len);' underflows to a value near UINT_MAX. This
causes a buffer overread and crash during crypto_ahash_setkey().
Fix it by restricting the rtattr payload to the expected size.
Reproducer using AF_ALG:
#include <linux/if_alg.h>
#include <linux/rtnetlink.h>
#include <sys/socket.h>
int main()
{
int fd;
struct sockaddr_alg addr = {
.salg_type = "aead",
.salg_name = "authenc(hmac(sha256),cbc(aes))",
};
struct {
struct rtattr attr;
__be32 enckeylen;
char keys[1];
} __attribute__((packed)) key = {
.attr.rta_len = sizeof(key),
.attr.rta_type = 1 /* CRYPTO_AUTHENC_KEYA_PARAM */,
};
fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(fd, (void *)&addr, sizeof(addr));
setsockopt(fd, SOL_ALG, ALG_SET_KEY, &key, sizeof(key));
}
It caused:
BUG: unable to handle kernel paging request at ffff88007ffdc000
PGD 2e01067 P4D 2e01067 PUD 2e04067 PMD 2e05067 PTE 0
Oops: 0000 [#1] SMP
CPU: 0 PID: 883 Comm: authenc Not tainted 4.20.0-rc1-00108-g00c9fe37a7f27 #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-20181126_142135-anatol 04/01/2014
RIP: 0010:sha256_ni_transform+0xb3/0x330 arch/x86/crypto/sha256_ni_asm.S:155
[...]
Call Trace:
sha256_ni_finup+0x10/0x20 arch/x86/crypto/sha256_ssse3_glue.c:321
crypto_shash_finup+0x1a/0x30 crypto/shash.c:178
shash_digest_unaligned+0x45/0x60 crypto/shash.c:186
crypto_shash_digest+0x24/0x40 crypto/shash.c:202
hmac_setkey+0x135/0x1e0 crypto/hmac.c:66
crypto_shash_setkey+0x2b/0xb0 crypto/shash.c:66
shash_async_setkey+0x10/0x20 crypto/shash.c:223
crypto_ahash_setkey+0x2d/0xa0 crypto/ahash.c:202
crypto_authenc_setkey+0x68/0x100 crypto/authenc.c:96
crypto_aead_setkey+0x2a/0xc0 crypto/aead.c:62
aead_setkey+0xc/0x10 crypto/algif_aead.c:526
alg_setkey crypto/af_alg.c:223 [inline]
alg_setsockopt+0xfe/0x130 crypto/af_alg.c:256
__sys_setsockopt+0x6d/0xd0 net/socket.c:1902
__do_sys_setsockopt net/socket.c:1913 [inline]
__se_sys_setsockopt net/socket.c:1910 [inline]
__x64_sys_setsockopt+0x1f/0x30 net/socket.c:1910
do_syscall_64+0x4a/0x180 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Fixes: e236d4a89a2f ("[CRYPTO] authenc: Move enckeylen into key itself")
Cc: <stable@vger.kernel.org> # v2.6.25+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
crypto/authenc.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -58,14 +58,22 @@ int crypto_authenc_extractkeys(struct cr
return -EINVAL;
if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)
return -EINVAL;
- if (RTA_PAYLOAD(rta) < sizeof(*param))
+
+ /*
+ * RTA_OK() didn't align the rtattr's payload when validating that it
+ * fits in the buffer. Yet, the keys should start on the next 4-byte
+ * aligned boundary. To avoid confusion, require that the rtattr
+ * payload be exactly the param struct, which has a 4-byte aligned size.
+ */
+ if (RTA_PAYLOAD(rta) != sizeof(*param))
return -EINVAL;
+ BUILD_BUG_ON(sizeof(*param) % RTA_ALIGNTO);
param = RTA_DATA(rta);
keys->enckeylen = be32_to_cpu(param->enckeylen);
- key += RTA_ALIGN(rta->rta_len);
- keylen -= RTA_ALIGN(rta->rta_len);
+ key += rta->rta_len;
+ keylen -= rta->rta_len;
if (keylen < keys->enckeylen)
return -EINVAL;
next prev parent reply other threads:[~2019-01-24 19:27 UTC|newest]
Thread overview: 112+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-24 19:18 [PATCH 4.4 000/104] 4.4.172-stable review Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 001/104] tty/ldsem: Wake up readers after timed out down_write() Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 002/104] can: gw: ensure DLC boundaries after CAN frame modification Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 003/104] f2fs: clean up argument of recover_data Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 004/104] f2fs: cover more area with nat_tree_lock Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 005/104] f2fs: move sanity checking of cp into get_valid_checkpoint Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 006/104] f2fs: fix to convert inline directory correctly Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 007/104] f2fs: give -EINVAL for norecovery and rw mount Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 008/104] f2fs: remove an obsolete variable Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 009/104] f2fs: factor out fsync inode entry operations Greg Kroah-Hartman
2019-01-24 19:18 ` [PATCH 4.4 010/104] f2fs: fix inode cache leak Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 011/104] f2fs: fix to avoid reading out encrypted data in page cache Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 012/104] f2fs: not allow to write illegal blkaddr Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 013/104] f2fs: avoid unneeded loop in build_sit_entries Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 014/104] f2fs: use crc and cp version to determine roll-forward recovery Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 015/104] f2fs: introduce get_checkpoint_version for cleanup Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 016/104] f2fs: put directory inodes before checkpoint in roll-forward recovery Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 017/104] f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 018/104] f2fs: detect wrong layout Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 019/104] f2fs: free meta pages if sanity check for ckpt is failed Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 020/104] f2fs: fix race condition in between free nid allocator/initializer Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 021/104] f2fs: return error during fill_super Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 022/104] f2fs: check blkaddr more accuratly before issue a bio Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 023/104] f2fs: sanity check on sit entry Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 024/104] f2fs: enhance sanity_check_raw_super() to avoid potential overflow Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 025/104] f2fs: clean up with is_valid_blkaddr() Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 026/104] f2fs: introduce and spread verify_blkaddr Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 027/104] f2fs: fix to do sanity check with secs_per_zone Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 028/104] f2fs: fix to do sanity check with user_block_count Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 029/104] f2fs: Add sanity_check_inode() function Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 030/104] f2fs: fix to do sanity check with node footer and iblocks Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 031/104] f2fs: fix to do sanity check with reserved blkaddr of inline inode Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 032/104] f2fs: fix to do sanity check with block address in main area Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 033/104] f2fs: fix to do sanity check with block address in main area v2 Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 034/104] f2fs: fix to do sanity check with cp_pack_start_sum Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 035/104] f2fs: fix invalid memory access Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 036/104] f2fs: fix missing up_read Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 037/104] f2fs: fix validation of the block count in sanity_check_raw_super Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 038/104] media: em28xx: Fix misplaced reset of dev->v4l::field_count Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 039/104] proc: Remove empty line in /proc/self/status Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 040/104] arm64/kvm: consistently handle host HCR_EL2 flags Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 041/104] arm64: Dont trap host pointer auth use to EL2 Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 042/104] ipv6: fix kernel-infoleak in ipv6_local_error() Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 043/104] net: bridge: fix a bug on using a neighbour cache entry without checking its state Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 044/104] packet: Do not leak dev refcounts on error exit Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 045/104] ip: on queued skb use skb_header_pointer instead of pskb_may_pull Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 046/104] crypto: authencesn - Avoid twice completion call in decrypt path Greg Kroah-Hartman
2019-01-24 19:19 ` Greg Kroah-Hartman [this message]
2019-01-24 19:19 ` [PATCH 4.4 048/104] btrfs: wait on ordered extents on abort cleanup Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 049/104] Yama: Check for pid death before checking ancestry Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 050/104] scsi: sd: Fix cache_type_store() Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 051/104] mips: fix n32 compat_ipc_parse_version Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 052/104] mfd: tps6586x: Handle interrupts on suspend Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 053/104] Disable MSI also when pcie-octeon.pcie_disable on Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 054/104] omap2fb: Fix stack memory disclosure Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 055/104] media: vivid: fix error handling of kthread_run Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 056/104] media: vivid: set min width/height to a value > 0 Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 057/104] LSM: Check for NULL cred-security on free Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 058/104] media: vb2: vb2_mmap: move lock up Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 059/104] sunrpc: handle ENOMEM in rpcb_getport_async Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 060/104] selinux: fix GPF on invalid policy Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 061/104] sctp: allocate sctp_sockaddr_entry with kzalloc Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 062/104] tipc: fix uninit-value in tipc_nl_compat_link_reset_stats Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 063/104] tipc: fix uninit-value in tipc_nl_compat_bearer_enable Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 064/104] tipc: fix uninit-value in tipc_nl_compat_link_set Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 065/104] tipc: fix uninit-value in tipc_nl_compat_name_table_dump Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 066/104] tipc: fix uninit-value in tipc_nl_compat_doit Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 067/104] block/loop: Use global lock for ioctl() operation Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 068/104] loop: Fold __loop_release into loop_release Greg Kroah-Hartman
2019-01-28 13:31 ` Jan Kara
2019-01-30 7:30 ` Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 069/104] loop: Get rid of loop_index_mutex Greg Kroah-Hartman
2019-01-24 19:19 ` [PATCH 4.4 070/104] loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 071/104] drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 072/104] media: vb2: be sure to unlock mutex on errors Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 073/104] r8169: Add support for new Realtek Ethernet Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 074/104] ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 075/104] ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 076/104] xfs: dont fail when converting shortform attr to long form during ATTR_REPLACE Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 077/104] platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 078/104] e1000e: allow non-monotonic SYSTIM readings Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 079/104] writeback: dont decrement wb->refcnt if !wb->bdi Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 080/104] MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 081/104] arm64: perf: set suppress_bind_attrs flag to true Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 082/104] jffs2: Fix use of uninitialized delayed_work, lockdep breakage Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 083/104] pstore/ram: Do not treat empty buffers as valid Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 084/104] powerpc/pseries/cpuidle: Fix preempt warning Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 085/104] media: firewire: Fix app_info parameter type in avc_ca{,_app}_info Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 086/104] net: call sk_dst_reset when set SO_DONTROUTE Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 087/104] scsi: target: use consistent left-aligned ASCII INQUIRY data Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 088/104] clk: imx6q: reset exclusive gates on init Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 089/104] kconfig: fix file name and line number of warn_ignored_character() Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 090/104] kconfig: fix memory leak when EOF is encountered in quotation Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 091/104] mmc: atmel-mci: do not assume idle after atmci_request_end Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 092/104] perf intel-pt: Fix error with config term "pt=0" Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 093/104] perf svghelper: Fix unchecked usage of strncpy() Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 094/104] perf parse-events: " Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 095/104] dm kcopyd: Fix bug causing workqueue stalls Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 096/104] dm snapshot: Fix excessive memory usage and " Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 097/104] ALSA: bebob: fix model-id of unit for Apogee Ensemble Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 098/104] sysfs: Disable lockdep for driver bind/unbind files Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 099/104] scsi: megaraid: fix out-of-bound array accesses Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 100/104] ocfs2: fix panic due to unrecovered local alloc Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 101/104] mm/page-writeback.c: dont break integrity writeback on ->writepage() error Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 102/104] mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 103/104] net: speed up skb_rbtree_purge() Greg Kroah-Hartman
2019-01-24 19:20 ` [PATCH 4.4 104/104] ipmi:ssif: Fix handling of multi-part return messages Greg Kroah-Hartman
2019-01-25 16:32 ` [PATCH 4.4 000/104] 4.4.172-stable review Naresh Kamboju
2019-01-25 16:34 ` shuah
2019-01-25 23:16 ` Guenter Roeck
2019-01-26 12:06 ` Jon Hunter
2019-01-26 12:06 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190124190200.831578267@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ebiggers@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.