Re: algif_hash bug? - Tom Lendacky

linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Tom Lendacky <thomas.lendacky@amd.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: algif_hash bug?
Date: Sat, 9 Jan 2016 09:50:00 -0600	[thread overview]
Message-ID: <56912C28.30809@amd.com> (raw)
In-Reply-To: <20160109054238.GB11188@gondor.apana.org.au>

On 01/08/2016 11:42 PM, Herbert Xu wrote:
> On Fri, Jan 08, 2016 at 02:55:14PM -0600, Tom Lendacky wrote:
>>
>> AF_ALG hash supports the accept() call to allow for partial hash states
>> to be cloned. If an accept() is issued against a socket before ever
>> doing a send(), crypto_ahash_init() will never have been called for the
>> original socket.  The hash_accept function in algif_hash will call
>> crypto_ahash_export() which will return an uninitialized request context
>> and then use that for import into the new socket. A problem arises here
>> because hash_accept sets the 'more' bit of the new context to 1
>> (ctx2->more = 1). This will cause the first send() call for the new
>> socket to skip calling crypto_ahash_init() which can result in an
>> error or oops because the request context for the cloned socket was
>> never initialized.
>>
>> Is it assumed that the accept() call should only ever be made after
>> having issued at least one send()? Should the ctx2->more value be the
>> value from the original context so that crypto_ahash_init() is called
>> when needed?
> 
> I thought we've already fixed this bug with
> 
> commit 4afa5f9617927453ac04b24b584f6c718dfb4f45
> Author: Herbert Xu <herbert@gondor.apana.org.au>
> Date:   Sun Nov 1 17:11:19 2015 +0800
> 
>     crypto: algif_hash - Only export and import on sockets with data
> 

I thought I was on the latest tree but I wasn't...  sorry for the
time and trouble.

Tom

> Cheers,
>

     prev parent reply	other threads:[~2016-01-09 15:50 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-01-08 20:55 algif_hash bug? Tom Lendacky
2016-01-09  5:42 ` Herbert Xu
2016-01-09 15:50   ` Tom Lendacky [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=56912C28.30809@amd.com \
    --to=thomas.lendacky@amd.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).