From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Eric Biggers <ebiggers@google.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 4.9 20/51] crypto: authenc - fix parsing key with misaligned rta_len
Date: Mon, 21 Jan 2019 14:44:16 +0100 [thread overview]
Message-ID: <20190121122455.395185931@linuxfoundation.org> (raw)
In-Reply-To: <20190121122453.700446926@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Biggers <ebiggers@google.com>
commit 8f9c469348487844328e162db57112f7d347c49f upstream.
Keys for "authenc" AEADs are formatted as an rtattr containing a 4-byte
'enckeylen', followed by an authentication key and an encryption key.
crypto_authenc_extractkeys() parses the key to find the inner keys.
However, it fails to consider the case where the rtattr's payload is
longer than 4 bytes but not 4-byte aligned, and where the key ends
before the next 4-byte aligned boundary. In this case, 'keylen -=
RTA_ALIGN(rta->rta_len);' underflows to a value near UINT_MAX. This
causes a buffer overread and crash during crypto_ahash_setkey().
Fix it by restricting the rtattr payload to the expected size.
Reproducer using AF_ALG:
#include <linux/if_alg.h>
#include <linux/rtnetlink.h>
#include <sys/socket.h>
int main()
{
int fd;
struct sockaddr_alg addr = {
.salg_type = "aead",
.salg_name = "authenc(hmac(sha256),cbc(aes))",
};
struct {
struct rtattr attr;
__be32 enckeylen;
char keys[1];
} __attribute__((packed)) key = {
.attr.rta_len = sizeof(key),
.attr.rta_type = 1 /* CRYPTO_AUTHENC_KEYA_PARAM */,
};
fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(fd, (void *)&addr, sizeof(addr));
setsockopt(fd, SOL_ALG, ALG_SET_KEY, &key, sizeof(key));
}
It caused:
BUG: unable to handle kernel paging request at ffff88007ffdc000
PGD 2e01067 P4D 2e01067 PUD 2e04067 PMD 2e05067 PTE 0
Oops: 0000 [#1] SMP
CPU: 0 PID: 883 Comm: authenc Not tainted 4.20.0-rc1-00108-g00c9fe37a7f27 #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-20181126_142135-anatol 04/01/2014
RIP: 0010:sha256_ni_transform+0xb3/0x330 arch/x86/crypto/sha256_ni_asm.S:155
[...]
Call Trace:
sha256_ni_finup+0x10/0x20 arch/x86/crypto/sha256_ssse3_glue.c:321
crypto_shash_finup+0x1a/0x30 crypto/shash.c:178
shash_digest_unaligned+0x45/0x60 crypto/shash.c:186
crypto_shash_digest+0x24/0x40 crypto/shash.c:202
hmac_setkey+0x135/0x1e0 crypto/hmac.c:66
crypto_shash_setkey+0x2b/0xb0 crypto/shash.c:66
shash_async_setkey+0x10/0x20 crypto/shash.c:223
crypto_ahash_setkey+0x2d/0xa0 crypto/ahash.c:202
crypto_authenc_setkey+0x68/0x100 crypto/authenc.c:96
crypto_aead_setkey+0x2a/0xc0 crypto/aead.c:62
aead_setkey+0xc/0x10 crypto/algif_aead.c:526
alg_setkey crypto/af_alg.c:223 [inline]
alg_setsockopt+0xfe/0x130 crypto/af_alg.c:256
__sys_setsockopt+0x6d/0xd0 net/socket.c:1902
__do_sys_setsockopt net/socket.c:1913 [inline]
__se_sys_setsockopt net/socket.c:1910 [inline]
__x64_sys_setsockopt+0x1f/0x30 net/socket.c:1910
do_syscall_64+0x4a/0x180 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Fixes: e236d4a89a2f ("[CRYPTO] authenc: Move enckeylen into key itself")
Cc: <stable@vger.kernel.org> # v2.6.25+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
crypto/authenc.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -58,14 +58,22 @@ int crypto_authenc_extractkeys(struct cr
return -EINVAL;
if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)
return -EINVAL;
- if (RTA_PAYLOAD(rta) < sizeof(*param))
+
+ /*
+ * RTA_OK() didn't align the rtattr's payload when validating that it
+ * fits in the buffer. Yet, the keys should start on the next 4-byte
+ * aligned boundary. To avoid confusion, require that the rtattr
+ * payload be exactly the param struct, which has a 4-byte aligned size.
+ */
+ if (RTA_PAYLOAD(rta) != sizeof(*param))
return -EINVAL;
+ BUILD_BUG_ON(sizeof(*param) % RTA_ALIGNTO);
param = RTA_DATA(rta);
keys->enckeylen = be32_to_cpu(param->enckeylen);
- key += RTA_ALIGN(rta->rta_len);
- keylen -= RTA_ALIGN(rta->rta_len);
+ key += rta->rta_len;
+ keylen -= rta->rta_len;
if (keylen < keys->enckeylen)
return -EINVAL;
next prev parent reply other threads:[~2019-01-21 13:54 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-21 13:43 [PATCH 4.9 00/51] 4.9.152-stable review Greg Kroah-Hartman
2019-01-21 13:43 ` [PATCH 4.9 01/51] tty/ldsem: Wake up readers after timed out down_write() Greg Kroah-Hartman
2019-01-21 13:43 ` [PATCH 4.9 02/51] tty: Hold tty_ldisc_lock() during tty_reopen() Greg Kroah-Hartman
2019-01-21 13:43 ` [PATCH 4.9 03/51] tty: Simplify tty->count math in tty_reopen() Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 04/51] tty: Dont hold ldisc lock in tty_reopen() if ldisc present Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 05/51] can: gw: ensure DLC boundaries after CAN frame modification Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 06/51] Revert "f2fs: do not recover from previous remained wrong dnodes" Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 07/51] media: em28xx: Fix misplaced reset of dev->v4l::field_count Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 08/51] proc: Remove empty line in /proc/self/status Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 09/51] Revert "scsi: target: iscsi: cxgbit: fix csk leak" Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 10/51] scsi: target: iscsi: cxgbit: fix csk leak Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 11/51] arm64/kvm: consistently handle host HCR_EL2 flags Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 12/51] arm64: Dont trap host pointer auth use to EL2 Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 13/51] ipv6: fix kernel-infoleak in ipv6_local_error() Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 14/51] net: bridge: fix a bug on using a neighbour cache entry without checking its state Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 15/51] packet: Do not leak dev refcounts on error exit Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 16/51] bonding: update nest level on unlink Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 17/51] ip: on queued skb use skb_header_pointer instead of pskb_may_pull Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 18/51] crypto: caam - fix zero-length buffer DMA mapping Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 19/51] crypto: authencesn - Avoid twice completion call in decrypt path Greg Kroah-Hartman
2019-01-21 13:44 ` Greg Kroah-Hartman [this message]
2019-01-21 13:44 ` [PATCH 4.9 21/51] btrfs: wait on ordered extents on abort cleanup Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 22/51] Yama: Check for pid death before checking ancestry Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 23/51] scsi: core: Synchronize request queue PM status only on successful resume Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 24/51] scsi: sd: Fix cache_type_store() Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 25/51] crypto: talitos - reorder code in talitos_edesc_alloc() Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 26/51] crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 27/51] mips: fix n32 compat_ipc_parse_version Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 28/51] mfd: tps6586x: Handle interrupts on suspend Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 29/51] arm64: kaslr: ensure randomized quantities are clean to the PoC Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 30/51] Disable MSI also when pcie-octeon.pcie_disable on Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 31/51] omap2fb: Fix stack memory disclosure Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 32/51] media: vivid: fix error handling of kthread_run Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 33/51] media: vivid: set min width/height to a value > 0 Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 34/51] LSM: Check for NULL cred-security on free Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 35/51] media: vb2: vb2_mmap: move lock up Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 36/51] sunrpc: handle ENOMEM in rpcb_getport_async Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 37/51] netfilter: ebtables: account ebt_table_info to kmemcg Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 38/51] selinux: fix GPF on invalid policy Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 39/51] blockdev: Fix livelocks on loop device Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 40/51] sctp: allocate sctp_sockaddr_entry with kzalloc Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 41/51] tipc: fix uninit-value in tipc_nl_compat_link_reset_stats Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 42/51] tipc: fix uninit-value in tipc_nl_compat_bearer_enable Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 43/51] tipc: fix uninit-value in tipc_nl_compat_link_set Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 44/51] tipc: fix uninit-value in tipc_nl_compat_name_table_dump Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 45/51] tipc: fix uninit-value in tipc_nl_compat_doit Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 46/51] block/loop: Use global lock for ioctl() operation Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 47/51] loop: Fold __loop_release into loop_release Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 48/51] loop: Get rid of loop_index_mutex Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 49/51] loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 50/51] drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock Greg Kroah-Hartman
2019-01-21 13:44 ` [PATCH 4.9 51/51] mm, memcg: fix reclaim deadlock with writeback Greg Kroah-Hartman
2019-01-22 13:40 ` [PATCH 4.9 00/51] 4.9.152-stable review Naresh Kamboju
2019-01-22 20:44 ` Guenter Roeck
2019-01-22 22:39 ` shuah
2019-01-23 9:06 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190121122455.395185931@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ebiggers@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).