mirror of
https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
synced 2024-11-01 02:21:16 +00:00
238101aed8
commit bb29648102335586e9a66289a1d98a0cb392b6e5 upstream.
syzbot reported a crash in vmac_final() when multiple threads
concurrently use the same "vmac(aes)" transform through AF_ALG. The bug
is pretty fundamental: the VMAC template doesn't separate per-request
state from per-tfm (per-key) state like the other hash algorithms do,
but rather stores it all in the tfm context. That's wrong.
Also, vmac_final() incorrectly zeroes most of the state including the
derived keys and cached pseudorandom pad. Therefore, only the first
VMAC invocation with a given key calculates the correct digest.
Fix these bugs by splitting the per-tfm state from the per-request state
and using the proper init/update/final sequencing for requests.
Reproducer for the crash:
#include <linux/if_alg.h>
#include <sys/socket.h>
#include <unistd.h>
int main()
{
int fd;
struct sockaddr_alg addr = {
.salg_type = "hash",
.salg_name = "vmac(aes)",
};
char buf[256] = { 0 };
fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(fd, (void *)&addr, sizeof(addr));
setsockopt(fd, SOL_ALG, ALG_SET_KEY, buf, 16);
fork();
fd = accept(fd, NULL, NULL);
for (;;)
write(fd, buf, 256);
}
The immediate cause of the crash is that vmac_ctx_t.partial_size exceeds
VMAC_NHBYTES, causing vmac_final() to memset() a negative length.
Reported-by: syzbot+264bca3a6e8d645550d3@syzkaller.appspotmail.com
Fixes:
|
||
|---|---|---|
| .. | ||
| internal | ||
| ablk_helper.h | ||
| aead.h | ||
| aes.h | ||
| algapi.h | ||
| authenc.h | ||
| b128ops.h | ||
| blowfish.h | ||
| cast5.h | ||
| cast6.h | ||
| cast_common.h | ||
| compress.h | ||
| cryptd.h | ||
| crypto_wq.h | ||
| ctr.h | ||
| des.h | ||
| gf128mul.h | ||
| hash.h | ||
| ice.h | ||
| if_alg.h | ||
| lrw.h | ||
| md5.h | ||
| padlock.h | ||
| pcrypt.h | ||
| public_key.h | ||
| rng.h | ||
| scatterwalk.h | ||
| serpent.h | ||
| sha.h | ||
| skcipher.h | ||
| twofish.h | ||
| xts.h | ||