From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gregkh@linuxfoundation.org>
X-Google-Smtp-Source: AH8x226BLBzlLa82ht/6qXiGYMzb+Hnm3uIRHwobxs8MnVhJLxNjfCCYBEVW0fqil77glouK9jIr
ARC-Seal: i=1; a=rsa-sha256; t=1516611210; cv=none;
        d=google.com; s=arc-20160816;
        b=L8pme3qywkWVGtVDDwUEkXjBRmUeEe7un3JkAWljwYdGZvG36XzESCfzExTLPkUlgn
         t6O5nBEZTgopcTaH6l9t7faGcQxKw8JL78fLtz+DL08TaxduztuWdwF4hT3TiX0O5VaS
         EK9Wmuk2aRE3tfSJ1P+pGuSQ4+paBsmR3pqXlbNFOlUhQdthPqRcMjmp0lQbXcAX1M1d
         9h+uaWqZkJ2xB5ovIy9fH5spcxCCmL7j1Bp4vBvVd6lV3lFzTRoVrN4+IUh5Uf4PSF+g
         i/Z7UXp22vvpL1dycxdxb+0lbO7gVRciRBtyrhIPecNbt3bL10W+IYe9hJrmb5EUNTKD
         Nhhw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:user-agent:references:in-reply-to:message-id:date
         :subject:cc:to:from:arc-authentication-results;
        bh=g5SszWhj9xKcQaERwkKbVAq1HpzMWNwXfghPBtGO8n4=;
        b=EzBcUDX83UqFxmmmN2kZ+mZ3+hM4WWmc/OE+FJ+hDXNPzOzEHR057RuaOyNPkkgrqJ
         j3PDHPxDZZBfrMZFjkntW3+cNPQp3AtbJRrtccv2NjQ6GNfCP93EqhIUj9wdLDQdmuvD
         l+fv26DvaBc3zCaOEnDdldD0B6qQv2+/EVysQeKYZL1zxQWitfw/J4xiOpFweJM24gUV
         MbxIwTh/vKOo960GFq/yvHFVzUtOZkx2g4izqTGEFOKpHaYMKlNvAsUP59JMSoQxS9md
         CEK/qPmaPsyTY9avHrC0wDum95m+JxUS8h9aDqmx2tXaF8g2dWYOrVU+xNCt1JHvC+gf
         5gUw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	Salah Coronya <salahx@yahoo.com>,
	Milan Broz <gmazyland@gmail.com>,
	Mike Snitzer <snitzer@redhat.com>
Subject: [PATCH 4.14 73/89] dm crypt: fix crash by adding missing check for auth key size
Date: Mon, 22 Jan 2018 09:45:53 +0100
Message-Id: <20180122084001.738154663@linuxfoundation.org>
X-Mailer: git-send-email 2.16.0
In-Reply-To: <20180122083954.683903493@linuxfoundation.org>
References: <20180122083954.683903493@linuxfoundation.org>
User-Agent: quilt/0.65
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-LABELS: =?utf-8?b?IlxcU2VudCI=?=
X-GMAIL-THRID: =?utf-8?q?1590282116924508756?=
X-GMAIL-MSGID: =?utf-8?q?1590282116924508756?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Milan Broz <gmazyland@gmail.com>

commit 27c7003697fc2c78f965984aa224ef26cd6b2949 upstream.

If dm-crypt uses authenticated mode with separate MAC, there are two
concatenated part of the key structure - key(s) for encryption and
authentication key.

Add a missing check for authenticated key length.  If this key length is
smaller than actually provided key, dm-crypt now properly fails instead
of crashing.

Fixes: ef43aa3806 ("dm crypt: add cryptographic data integrity protection (authenticated encryption)")
Reported-by: Salah Coronya <salahx@yahoo.com>
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/md/dm-crypt.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -1954,10 +1954,15 @@ static int crypt_setkey(struct crypt_con
 	/* Ignore extra keys (which are used for IV etc) */
 	subkey_size = crypt_subkey_size(cc);
 
-	if (crypt_integrity_hmac(cc))
+	if (crypt_integrity_hmac(cc)) {
+		if (subkey_size < cc->key_mac_size)
+			return -EINVAL;
+
 		crypt_copy_authenckey(cc->authenc_key, cc->key,
 				      subkey_size - cc->key_mac_size,
 				      cc->key_mac_size);
+	}
+
 	for (i = 0; i < cc->tfms_count; i++) {
 		if (crypt_integrity_hmac(cc))
 			r = crypto_aead_setkey(cc->cipher_tfm.tfms_aead[i],