* [dhowells-fs:crypto-krb5 6/21] crypto/krb5/kdf.c:116 crypto_krb5_get_Kc() error: buffer overflow 'buf' 4 <= 4
@ 2023-12-27 19:00 kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2023-12-27 19:00 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp, Dan Carpenter
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
TO: David Howells <dhowells@redhat.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git crypto-krb5
head: ebd44e15422341724b06a3a13590ea80244ebbd6
commit: b468b20c76d24a3eee1e29352769251daae938f9 [6/21] crypto/krb5: Provide infrastructure and key derivation
:::::: branch date: 6 days ago
:::::: commit date: 6 days ago
config: powerpc-randconfig-r071-20231226 (https://download.01.org/0day-ci/archive/20231228/202312280208.kXOfvCcb-lkp@intel.com/config)
compiler: clang version 18.0.0git (https://github.com/llvm/llvm-project d3ef86708241a3bee902615c190dead1638c4e09)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202312280208.kXOfvCcb-lkp@intel.com/
smatch warnings:
crypto/krb5/kdf.c:116 crypto_krb5_get_Kc() error: buffer overflow 'buf' 4 <= 4
crypto/krb5/kdf.c:161 crypto_krb5_get_Ke() error: buffer overflow 'buf' 4 <= 4
crypto/krb5/kdf.c:206 crypto_krb5_get_Ki() error: buffer overflow 'buf' 4 <= 4
vim +/buf +116 crypto/krb5/kdf.c
b468b20c76d24a David Howells 2020-09-03 89
b468b20c76d24a David Howells 2020-09-03 90 /**
b468b20c76d24a David Howells 2020-09-03 91 * crypto_krb5_get_Kc - Derive key Kc and install into a hash
b468b20c76d24a David Howells 2020-09-03 92 * @krb5: The encryption type to use
b468b20c76d24a David Howells 2020-09-03 93 * @TK: The base key
b468b20c76d24a David Howells 2020-09-03 94 * @usage: The key usage number
b468b20c76d24a David Howells 2020-09-03 95 * @key: Prepped buffer to store the key into
b468b20c76d24a David Howells 2020-09-03 96 * @_shash: Where to put the hash (or NULL if not wanted)
b468b20c76d24a David Howells 2020-09-03 97 * @gfp: Allocation restrictions
b468b20c76d24a David Howells 2020-09-03 98 *
b468b20c76d24a David Howells 2020-09-03 99 * Derive the Kerberos Kc checksumming key and, optionally, allocate a hash and
b468b20c76d24a David Howells 2020-09-03 100 * install the key into it, returning the hash. The key is stored into the
b468b20c76d24a David Howells 2020-09-03 101 * prepared buffer.
b468b20c76d24a David Howells 2020-09-03 102 */
b468b20c76d24a David Howells 2020-09-03 103 int crypto_krb5_get_Kc(const struct krb5_enctype *krb5,
b468b20c76d24a David Howells 2020-09-03 104 const struct krb5_buffer *TK,
b468b20c76d24a David Howells 2020-09-03 105 u32 usage,
b468b20c76d24a David Howells 2020-09-03 106 struct krb5_buffer *key,
b468b20c76d24a David Howells 2020-09-03 107 struct crypto_shash **_shash,
b468b20c76d24a David Howells 2020-09-03 108 gfp_t gfp)
b468b20c76d24a David Howells 2020-09-03 109 {
b468b20c76d24a David Howells 2020-09-03 110 struct crypto_shash *shash;
b468b20c76d24a David Howells 2020-09-03 111 int ret;
b468b20c76d24a David Howells 2020-09-03 112 u8 buf[CRYPTO_MINALIGN] __aligned(CRYPTO_MINALIGN);
b468b20c76d24a David Howells 2020-09-03 113 struct krb5_buffer usage_constant = { .len = 5, .data = buf };
b468b20c76d24a David Howells 2020-09-03 114
b468b20c76d24a David Howells 2020-09-03 115 *(__be32 *)buf = cpu_to_be32(usage);
b468b20c76d24a David Howells 2020-09-03 @116 buf[4] = KEY_USAGE_SEED_CHECKSUM;
b468b20c76d24a David Howells 2020-09-03 117
b468b20c76d24a David Howells 2020-09-03 118 key->len = krb5->Kc_len;
b468b20c76d24a David Howells 2020-09-03 119 ret = krb5->profile->calc_Kc(krb5, TK, &usage_constant, key, gfp);
b468b20c76d24a David Howells 2020-09-03 120 if (ret < 0)
b468b20c76d24a David Howells 2020-09-03 121 return ret;
b468b20c76d24a David Howells 2020-09-03 122
b468b20c76d24a David Howells 2020-09-03 123 if (_shash) {
b468b20c76d24a David Howells 2020-09-03 124 shash = crypto_alloc_shash(krb5->cksum_name, 0, 0);
b468b20c76d24a David Howells 2020-09-03 125 if (IS_ERR(shash))
b468b20c76d24a David Howells 2020-09-03 126 return (PTR_ERR(shash) == -ENOENT) ? -ENOPKG : PTR_ERR(shash);
b468b20c76d24a David Howells 2020-09-03 127 *_shash = shash;
b468b20c76d24a David Howells 2020-09-03 128 ret = crypto_shash_setkey(shash, key->data, key->len);
b468b20c76d24a David Howells 2020-09-03 129 }
b468b20c76d24a David Howells 2020-09-03 130
b468b20c76d24a David Howells 2020-09-03 131 return ret;
b468b20c76d24a David Howells 2020-09-03 132 }
b468b20c76d24a David Howells 2020-09-03 133 EXPORT_SYMBOL(crypto_krb5_get_Kc);
b468b20c76d24a David Howells 2020-09-03 134
b468b20c76d24a David Howells 2020-09-03 135 /**
b468b20c76d24a David Howells 2020-09-03 136 * crypto_krb5_get_Ke - Derive key Ke and install into an skcipher
b468b20c76d24a David Howells 2020-09-03 137 * @krb5: The encryption type to use
b468b20c76d24a David Howells 2020-09-03 138 * @TK: The base key
b468b20c76d24a David Howells 2020-09-03 139 * @usage: The key usage number
b468b20c76d24a David Howells 2020-09-03 140 * @key: Prepped buffer to store the key into
b468b20c76d24a David Howells 2020-09-03 141 * @_ci: Where to put the cipher (or NULL if not wanted)
b468b20c76d24a David Howells 2020-09-03 142 * @gfp: Allocation restrictions
b468b20c76d24a David Howells 2020-09-03 143 *
b468b20c76d24a David Howells 2020-09-03 144 * Derive the Kerberos Ke encryption key and, optionally, allocate an skcipher
b468b20c76d24a David Howells 2020-09-03 145 * and install the key into it, returning the cipher. The key is stored into
b468b20c76d24a David Howells 2020-09-03 146 * the prepared buffer.
b468b20c76d24a David Howells 2020-09-03 147 */
b468b20c76d24a David Howells 2020-09-03 148 int crypto_krb5_get_Ke(const struct krb5_enctype *krb5,
b468b20c76d24a David Howells 2020-09-03 149 const struct krb5_buffer *TK,
b468b20c76d24a David Howells 2020-09-03 150 u32 usage,
b468b20c76d24a David Howells 2020-09-03 151 struct krb5_buffer *key,
b468b20c76d24a David Howells 2020-09-03 152 struct crypto_sync_skcipher **_ci,
b468b20c76d24a David Howells 2020-09-03 153 gfp_t gfp)
b468b20c76d24a David Howells 2020-09-03 154 {
b468b20c76d24a David Howells 2020-09-03 155 struct crypto_sync_skcipher *ci;
b468b20c76d24a David Howells 2020-09-03 156 int ret;
b468b20c76d24a David Howells 2020-09-03 157 u8 buf[CRYPTO_MINALIGN] __aligned(CRYPTO_MINALIGN);
b468b20c76d24a David Howells 2020-09-03 158 struct krb5_buffer usage_constant = { .len = 5, .data = buf };
b468b20c76d24a David Howells 2020-09-03 159
b468b20c76d24a David Howells 2020-09-03 160 *(__be32 *)buf = cpu_to_be32(usage);
b468b20c76d24a David Howells 2020-09-03 @161 buf[4] = KEY_USAGE_SEED_ENCRYPTION;
b468b20c76d24a David Howells 2020-09-03 162
b468b20c76d24a David Howells 2020-09-03 163 key->len = krb5->Ke_len;
b468b20c76d24a David Howells 2020-09-03 164 ret = krb5->profile->calc_Ke(krb5, TK, &usage_constant, key, gfp);
b468b20c76d24a David Howells 2020-09-03 165 if (ret < 0)
b468b20c76d24a David Howells 2020-09-03 166 return ret;
b468b20c76d24a David Howells 2020-09-03 167
b468b20c76d24a David Howells 2020-09-03 168 if (_ci) {
b468b20c76d24a David Howells 2020-09-03 169 ci = crypto_alloc_sync_skcipher(krb5->encrypt_name, 0, 0);
b468b20c76d24a David Howells 2020-09-03 170 if (IS_ERR(ci))
b468b20c76d24a David Howells 2020-09-03 171 return (PTR_ERR(ci) == -ENOENT) ? -ENOPKG : PTR_ERR(ci);
b468b20c76d24a David Howells 2020-09-03 172 *_ci = ci;
b468b20c76d24a David Howells 2020-09-03 173 ret = crypto_sync_skcipher_setkey(ci, key->data, key->len);
b468b20c76d24a David Howells 2020-09-03 174 }
b468b20c76d24a David Howells 2020-09-03 175
b468b20c76d24a David Howells 2020-09-03 176 return ret;
b468b20c76d24a David Howells 2020-09-03 177 }
b468b20c76d24a David Howells 2020-09-03 178 EXPORT_SYMBOL(crypto_krb5_get_Ke);
b468b20c76d24a David Howells 2020-09-03 179
b468b20c76d24a David Howells 2020-09-03 180 /**
b468b20c76d24a David Howells 2020-09-03 181 * crypto_krb5_get_Ki - Derive key Ki and install into a hash
b468b20c76d24a David Howells 2020-09-03 182 * @krb5: The encryption type to use
b468b20c76d24a David Howells 2020-09-03 183 * @TK: The base key
b468b20c76d24a David Howells 2020-09-03 184 * @usage: The key usage number
b468b20c76d24a David Howells 2020-09-03 185 * @key: Prepped buffer to store the key into
b468b20c76d24a David Howells 2020-09-03 186 * @_shash: Where to put the hash (or NULL if not wanted)
b468b20c76d24a David Howells 2020-09-03 187 * @gfp: Allocation restrictions
b468b20c76d24a David Howells 2020-09-03 188 *
b468b20c76d24a David Howells 2020-09-03 189 * Derive the Kerberos Ki integrity checksum key and, optionally, allocate a
b468b20c76d24a David Howells 2020-09-03 190 * hash and install the key into it, returning the hash. The key is stored
b468b20c76d24a David Howells 2020-09-03 191 * into the prepared buffer.
b468b20c76d24a David Howells 2020-09-03 192 */
b468b20c76d24a David Howells 2020-09-03 193 int crypto_krb5_get_Ki(const struct krb5_enctype *krb5,
b468b20c76d24a David Howells 2020-09-03 194 const struct krb5_buffer *TK,
b468b20c76d24a David Howells 2020-09-03 195 u32 usage,
b468b20c76d24a David Howells 2020-09-03 196 struct krb5_buffer *key,
b468b20c76d24a David Howells 2020-09-03 197 struct crypto_shash **_shash,
b468b20c76d24a David Howells 2020-09-03 198 gfp_t gfp)
b468b20c76d24a David Howells 2020-09-03 199 {
b468b20c76d24a David Howells 2020-09-03 200 struct crypto_shash *shash;
b468b20c76d24a David Howells 2020-09-03 201 int ret;
b468b20c76d24a David Howells 2020-09-03 202 u8 buf[CRYPTO_MINALIGN] __aligned(CRYPTO_MINALIGN);
b468b20c76d24a David Howells 2020-09-03 203 struct krb5_buffer usage_constant = { .len = 5, .data = buf };
b468b20c76d24a David Howells 2020-09-03 204
b468b20c76d24a David Howells 2020-09-03 205 *(__be32 *)buf = cpu_to_be32(usage);
b468b20c76d24a David Howells 2020-09-03 @206 buf[4] = KEY_USAGE_SEED_INTEGRITY;
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 3+ messages in thread
* [dhowells-fs:crypto-krb5 6/21] crypto/krb5/kdf.c:116 crypto_krb5_get_Kc() error: buffer overflow 'buf' 4 <= 4
@ 2024-01-03 15:00 Dan Carpenter
2024-01-18 13:15 ` David Howells
0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2024-01-03 15:00 UTC (permalink / raw)
To: oe-kbuild, David Howells; +Cc: lkp, oe-kbuild-all
tree: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git crypto-krb5
head: ebd44e15422341724b06a3a13590ea80244ebbd6
commit: b468b20c76d24a3eee1e29352769251daae938f9 [6/21] crypto/krb5: Provide infrastructure and key derivation
config: powerpc-randconfig-r071-20231226 (https://download.01.org/0day-ci/archive/20231228/202312280208.kXOfvCcb-lkp@intel.com/config)
compiler: clang version 18.0.0git (https://github.com/llvm/llvm-project d3ef86708241a3bee902615c190dead1638c4e09)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
| Closes: https://lore.kernel.org/r/202312280208.kXOfvCcb-lkp@intel.com/
smatch warnings:
crypto/krb5/kdf.c:116 crypto_krb5_get_Kc() error: buffer overflow 'buf' 4 <= 4
crypto/krb5/kdf.c:161 crypto_krb5_get_Ke() error: buffer overflow 'buf' 4 <= 4
crypto/krb5/kdf.c:206 crypto_krb5_get_Ki() error: buffer overflow 'buf' 4 <= 4
vim +/buf +116 crypto/krb5/kdf.c
b468b20c76d24a David Howells 2020-09-03 103 int crypto_krb5_get_Kc(const struct krb5_enctype *krb5,
b468b20c76d24a David Howells 2020-09-03 104 const struct krb5_buffer *TK,
b468b20c76d24a David Howells 2020-09-03 105 u32 usage,
b468b20c76d24a David Howells 2020-09-03 106 struct krb5_buffer *key,
b468b20c76d24a David Howells 2020-09-03 107 struct crypto_shash **_shash,
b468b20c76d24a David Howells 2020-09-03 108 gfp_t gfp)
b468b20c76d24a David Howells 2020-09-03 109 {
b468b20c76d24a David Howells 2020-09-03 110 struct crypto_shash *shash;
b468b20c76d24a David Howells 2020-09-03 111 int ret;
b468b20c76d24a David Howells 2020-09-03 112 u8 buf[CRYPTO_MINALIGN] __aligned(CRYPTO_MINALIGN);
b468b20c76d24a David Howells 2020-09-03 113 struct krb5_buffer usage_constant = { .len = 5, .data = buf };
b468b20c76d24a David Howells 2020-09-03 114
b468b20c76d24a David Howells 2020-09-03 115 *(__be32 *)buf = cpu_to_be32(usage);
b468b20c76d24a David Howells 2020-09-03 @116 buf[4] = KEY_USAGE_SEED_CHECKSUM;
There must be a power PC config where CRYPTO_MINALIGN is 4.
b468b20c76d24a David Howells 2020-09-03 117
b468b20c76d24a David Howells 2020-09-03 118 key->len = krb5->Kc_len;
b468b20c76d24a David Howells 2020-09-03 119 ret = krb5->profile->calc_Kc(krb5, TK, &usage_constant, key, gfp);
b468b20c76d24a David Howells 2020-09-03 120 if (ret < 0)
b468b20c76d24a David Howells 2020-09-03 121 return ret;
b468b20c76d24a David Howells 2020-09-03 122
b468b20c76d24a David Howells 2020-09-03 123 if (_shash) {
b468b20c76d24a David Howells 2020-09-03 124 shash = crypto_alloc_shash(krb5->cksum_name, 0, 0);
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dhowells-fs:crypto-krb5 6/21] crypto/krb5/kdf.c:116 crypto_krb5_get_Kc() error: buffer overflow 'buf' 4 <= 4
2024-01-03 15:00 Dan Carpenter
@ 2024-01-18 13:15 ` David Howells
0 siblings, 0 replies; 3+ messages in thread
From: David Howells @ 2024-01-18 13:15 UTC (permalink / raw)
To: Dan Carpenter; +Cc: dhowells, oe-kbuild, lkp, oe-kbuild-all
Dan Carpenter <dan.carpenter@linaro.org> wrote:
> b468b20c76d24a David Howells 2020-09-03 112 u8 buf[CRYPTO_MINALIGN] __aligned(CRYPTO_MINALIGN);
I think the thing to do in all three cases is to make the array length 5 and
leave the __aligned() to get the alignment right.
David
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-01-18 13:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-12-27 19:00 [dhowells-fs:crypto-krb5 6/21] crypto/krb5/kdf.c:116 crypto_krb5_get_Kc() error: buffer overflow 'buf' 4 <= 4 kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2024-01-03 15:00 Dan Carpenter
2024-01-18 13:15 ` David Howells
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.