From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jan Tluka <jtluka@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 4.9 013/105] crypto: authencesn - Fix digest_null crash
Date: Fri, 4 Aug 2017 16:14:41 -0700 [thread overview]
Message-ID: <20170804231552.618797278@linuxfoundation.org> (raw)
In-Reply-To: <20170804231551.544678194@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
commit 41cdf7a45389e01991ee31e3301ed83cb3e3f7dc upstream.
When authencesn is used together with digest_null a crash will
occur on the decrypt path. This is because normally we perform
a special setup to preserve the ESN, but this is skipped if there
is no authentication. However, on the post-authentication path
it always expects the preservation to be in place, thus causing
a crash when digest_null is used.
This patch fixes this by also skipping the post-processing when
there is no authentication.
Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD...")
Reported-by: Jan Tluka <jtluka@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
crypto/authencesn.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -248,6 +248,9 @@ static int crypto_authenc_esn_decrypt_ta
u8 *ihash = ohash + crypto_ahash_digestsize(auth);
u32 tmp[2];
+ if (!authsize)
+ goto decrypt;
+
/* Move high-order bits of sequence number back. */
scatterwalk_map_and_copy(tmp, dst, 4, 4, 0);
scatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 0);
@@ -256,6 +259,8 @@ static int crypto_authenc_esn_decrypt_ta
if (crypto_memneq(ihash, ohash, authsize))
return -EBADMSG;
+decrypt:
+
sg_init_table(areq_ctx->dst, 2);
dst = scatterwalk_ffwd(areq_ctx->dst, dst, assoclen);
next prev parent reply other threads:[~2017-08-04 23:17 UTC|newest]
Thread overview: 110+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-04 23:14 [PATCH 4.9 000/105] 4.9.41-stable review Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 001/105] af_key: Add lock to key dump Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 002/105] pstore: Make spinlock per zone instead of global Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 003/105] net: reduce skb_warn_bad_offload() noise Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 004/105] jfs: Dont clear SGID when inheriting ACLs Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 006/105] ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 007/105] parisc: Prevent TLB speculation on flushed pages on CPUs that only support equivalent aliases Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 008/105] parisc: Extend disabled preemption in copy_user_page Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 009/105] parisc: Suspend lockup detectors before system halt Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 010/105] powerpc/pseries: Fix of_node_put() underflow during reconfig remove Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 011/105] NFS: invalidate file size when taking a lock Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 012/105] NFSv4.1: Fix a race where CB_NOTIFY_LOCK fails to wake a waiter Greg Kroah-Hartman
2017-08-04 23:14 ` Greg Kroah-Hartman [this message]
2017-08-04 23:14 ` [PATCH 4.9 014/105] KVM: PPC: Book3S HV: Enable TM before accessing TM registers Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 015/105] md/raid5: add thread_group worker async_tx_issue_pending_all Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 016/105] drm/vmwgfx: Fix gcc-7.1.1 warning Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 017/105] drm/nouveau/disp/nv50-: bump max chans to 21 Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 018/105] drm/nouveau/bar/gf100: fix access to upper half of BAR2 Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 019/105] KVM: PPC: Book3S HV: Restore critical SPRs to host values on guest exit Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 020/105] KVM: PPC: Book3S HV: Save/restore host values of debug registers Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 021/105] Revert "powerpc/numa: Fix percpu allocations to be NUMA aware" Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 022/105] Staging: comedi: comedi_fops: Avoid orphaned proc entry Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 023/105] drm: rcar-du: Simplify and fix probe error handling Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 024/105] smp/hotplug: Move unparking of percpu threads to the control CPU Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 025/105] smp/hotplug: Replace BUG_ON and react useful Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 026/105] nfc: Fix hangup of RC-S380* in port100_send_ack() Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 027/105] nfc: fdp: fix NULL pointer dereference Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 028/105] net: phy: Do not perform software reset for Generic PHY Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 029/105] isdn: Fix a sleep-in-atomic bug Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 030/105] isdn/i4l: fix buffer overflow Greg Kroah-Hartman
2017-08-04 23:14 ` [PATCH 4.9 031/105] ath10k: fix null deref on wmi-tlv when trying spectral scan Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 032/105] wil6210: fix deadlock when using fw_no_recovery option Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 033/105] mailbox: always wait in mbox_send_message for blocking Tx mode Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 034/105] mailbox: skip complete wait event if timer expired Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 035/105] mailbox: handle empty message in tx_tick Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 036/105] sched/cgroup: Move sched_online_group() back into css_online() to fix crash Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 037/105] RDMA/uverbs: Fix the check for port number Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 038/105] ipmi/watchdog: fix watchdog timeout set on reboot Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 039/105] dentry name snapshots Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 040/105] [media] v4l: s5c73m3: fix negation operator Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 041/105] pstore: Allow prz to control need for locking Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 042/105] pstore: Correctly initialize spinlock and flags Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 043/105] pstore: Use dynamic spinlock initializer Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 044/105] net: skb_needs_check() accepts CHECKSUM_NONE for tx Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 045/105] device-dax: fix sysfs duplicate warnings Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 046/105] x86/mce/AMD: Make the init code more robust Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 047/105] r8169: add support for RTL8168 series add-on card Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 048/105] ARM: omap2+: fixing wrong strcat for Non-NULL terminated string Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 049/105] dt-bindings: power/supply: Update TPS65217 properties Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 050/105] dt-bindings: input: Specify the interrupt number of TPS65217 power button Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 051/105] ARM: dts: am57xx-idk: Put USB2 port in peripheral mode Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 053/105] net/mlx5: Disable RoCE on the e-switch management port under switchdev mode Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 054/105] ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 055/105] net/mlx4_core: Use-after-free causes a resource leak in flow-steering detach Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 056/105] net/mlx4: Remove BUG_ON from ICM allocation routine Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 057/105] net/mlx4_core: Fix raw qp flow steering rules under SRIOV Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 058/105] drm/msm: Ensure that the hardware write pointer is valid Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 059/105] drm/msm: Put back the vaddr in submit_reloc() Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 060/105] drm/msm: Verify that MSM_SUBMIT_BO_FLAGS are set Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 061/105] vfio-pci: use 32-bit comparisons for register address for gcc-4.5 Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 062/105] irqchip/keystone: Fix "scheduling while atomic" on rt Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 063/105] ASoC: tlv320aic3x: Mark the RESET register as volatile Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 064/105] spi: dw: Make debugfs name unique between instances Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 065/105] ASoC: nau8825: fix invalid configuration in Pre-Scalar of FLL Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 066/105] irqchip/mxs: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 067/105] openrisc: Add _text symbol to fix ksym build error Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 068/105] dmaengine: ioatdma: Add Skylake PCI Dev ID Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 069/105] dmaengine: ioatdma: workaround SKX ioatdma version Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 070/105] l2tp: consider :: as wildcard address in l2tp_ip6 socket lookup Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 071/105] dmaengine: ti-dma-crossbar: Add some of_node_put() in error path Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 072/105] usb: dwc3: omap: fix race of pm runtime with irq handler in probe Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 073/105] ARM64: zynqmp: Fix W=1 dtc 1.4 warnings Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 075/105] perf probe: Fix to get correct modname from elf header Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 076/105] ARM: s3c2410_defconfig: Fix invalid values for NF_CT_PROTO_* Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 077/105] ACPI / scan: Prefer devices without _HID/_CID for _ADR matching Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 078/105] usb: gadget: Fix copy/pasted error message Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 079/105] Btrfs: use down_read_nested to make lockdep silent Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 080/105] Btrfs: fix lockdep warning about log_mutex Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 081/105] benet: stricter vxlan offloading check in be_features_check Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 082/105] Btrfs: adjust outstanding_extents counter properly when dio write is split Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 083/105] Xen: ARM: Zero reserved fields of xatp before making hypervisor call Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 084/105] tools lib traceevent: Fix prev/next_prio for deadline tasks Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 085/105] xfrm: Dont use sk_family for socket policy lookups Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 086/105] perf tools: Install tools/lib/traceevent plugins with install-bin Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 087/105] perf symbols: Robustify reading of build-id from sysfs Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 088/105] video: fbdev: cobalt_lcdfb: Handle return NULL error from devm_ioremap Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 089/105] vfio-pci: Handle error from pci_iomap Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 090/105] arm64: mm: fix show_pte KERN_CONT fallout Greg Kroah-Hartman
2017-08-04 23:15 ` [PATCH 4.9 091/105] nvmem: imx-ocotp: Fix wrong register size Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 092/105] net: usb: asix_devices: add .reset_resume for USB PM Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 093/105] ASoC: fsl_ssi: set fifo watermark to more reliable value Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 094/105] sh_eth: enable RX descriptor word 0 shift on SH7734 Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 095/105] ARCv2: IRQ: Call entry/exit functions for chained handlers in MCIP Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 096/105] ALSA: usb-audio: test EP_FLAG_RUNNING at urb completion Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 097/105] x86/platform/intel-mid: Rename spidev to mrfld_spidev Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 098/105] perf/x86: Set pmu->module in Intel PMU modules Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 099/105] ASoC: Intel: bytcr-rt5640: fix settings in internal clock mode Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 100/105] HID: ignore Petzl USB headlamp Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 101/105] scsi: fnic: Avoid sending reset to firmware when another reset is in progress Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 102/105] scsi: snic: Return error code on memory allocation failure Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 103/105] scsi: bfa: Increase requested firmware version to 3.2.5.1 Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 104/105] ASoC: Intel: Skylake: Release FW ctx in cleanup Greg Kroah-Hartman
2017-08-04 23:16 ` [PATCH 4.9 105/105] ASoC: dpcm: Avoid putting stream state to STOP when FE stream is paused Greg Kroah-Hartman
2017-08-05 1:51 ` [PATCH 4.9 000/105] 4.9.41-stable review Shuah Khan
2017-08-05 2:41 ` Greg Kroah-Hartman
2017-08-05 2:53 ` Randy Dunlap
2017-08-05 2:54 ` Randy Dunlap
2017-08-05 3:06 ` Greg Kroah-Hartman
2017-08-05 6:15 ` Guenter Roeck
2017-08-05 14:48 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170804231552.618797278@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=jtluka@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.