mirror of
https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
synced 2024-10-31 18:09:19 +00:00
247888cfca
commit 8f9c469348487844328e162db57112f7d347c49f upstream.
Keys for "authenc" AEADs are formatted as an rtattr containing a 4-byte
'enckeylen', followed by an authentication key and an encryption key.
crypto_authenc_extractkeys() parses the key to find the inner keys.
However, it fails to consider the case where the rtattr's payload is
longer than 4 bytes but not 4-byte aligned, and where the key ends
before the next 4-byte aligned boundary. In this case, 'keylen -=
RTA_ALIGN(rta->rta_len);' underflows to a value near UINT_MAX. This
causes a buffer overread and crash during crypto_ahash_setkey().
Fix it by restricting the rtattr payload to the expected size.
Reproducer using AF_ALG:
#include <linux/if_alg.h>
#include <linux/rtnetlink.h>
#include <sys/socket.h>
int main()
{
int fd;
struct sockaddr_alg addr = {
.salg_type = "aead",
.salg_name = "authenc(hmac(sha256),cbc(aes))",
};
struct {
struct rtattr attr;
__be32 enckeylen;
char keys[1];
} __attribute__((packed)) key = {
.attr.rta_len = sizeof(key),
.attr.rta_type = 1 /* CRYPTO_AUTHENC_KEYA_PARAM */,
};
fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(fd, (void *)&addr, sizeof(addr));
setsockopt(fd, SOL_ALG, ALG_SET_KEY, &key, sizeof(key));
}
It caused:
BUG: unable to handle kernel paging request at ffff88007ffdc000
PGD 2e01067 P4D 2e01067 PUD 2e04067 PMD 2e05067 PTE 0
Oops: 0000 [#1] SMP
CPU: 0 PID: 883 Comm: authenc Not tainted 4.20.0-rc1-00108-g00c9fe37a7f27 #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-20181126_142135-anatol 04/01/2014
RIP: 0010:sha256_ni_transform+0xb3/0x330 arch/x86/crypto/sha256_ni_asm.S:155
[...]
Call Trace:
sha256_ni_finup+0x10/0x20 arch/x86/crypto/sha256_ssse3_glue.c:321
crypto_shash_finup+0x1a/0x30 crypto/shash.c:178
shash_digest_unaligned+0x45/0x60 crypto/shash.c:186
crypto_shash_digest+0x24/0x40 crypto/shash.c:202
hmac_setkey+0x135/0x1e0 crypto/hmac.c:66
crypto_shash_setkey+0x2b/0xb0 crypto/shash.c:66
shash_async_setkey+0x10/0x20 crypto/shash.c:223
crypto_ahash_setkey+0x2d/0xa0 crypto/ahash.c:202
crypto_authenc_setkey+0x68/0x100 crypto/authenc.c:96
crypto_aead_setkey+0x2a/0xc0 crypto/aead.c:62
aead_setkey+0xc/0x10 crypto/algif_aead.c:526
alg_setkey crypto/af_alg.c:223 [inline]
alg_setsockopt+0xfe/0x130 crypto/af_alg.c:256
__sys_setsockopt+0x6d/0xd0 net/socket.c:1902
__do_sys_setsockopt net/socket.c:1913 [inline]
__se_sys_setsockopt net/socket.c:1910 [inline]
__x64_sys_setsockopt+0x1f/0x30 net/socket.c:1910
do_syscall_64+0x4a/0x180 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Fixes:
|
||
|---|---|---|
| .. | ||
| asymmetric_keys | ||
| async_tx | ||
| 842.c | ||
| ablk_helper.c | ||
| ablkcipher.c | ||
| aead.c | ||
| aes_generic.c | ||
| af_alg.c | ||
| ahash.c | ||
| algapi.c | ||
| algboss.c | ||
| algif_hash.c | ||
| algif_skcipher.c | ||
| ansi_cprng.c | ||
| anubis.c | ||
| api.c | ||
| arc4.c | ||
| authenc.c | ||
| authencesn.c | ||
| blkcipher.c | ||
| blowfish_common.c | ||
| blowfish_generic.c | ||
| camellia_generic.c | ||
| cast5_generic.c | ||
| cast6_generic.c | ||
| cast_common.c | ||
| cbc.c | ||
| ccm.c | ||
| chainiv.c | ||
| cipher.c | ||
| cmac.c | ||
| compress.c | ||
| crc32.c | ||
| crc32c.c | ||
| cryptd.c | ||
| crypto_null.c | ||
| crypto_user.c | ||
| crypto_wq.c | ||
| ctr.c | ||
| cts.c | ||
| deflate.c | ||
| des_generic.c | ||
| ecb.c | ||
| eseqiv.c | ||
| fcrypt.c | ||
| fips.c | ||
| gcm.c | ||
| gf128mul.c | ||
| ghash-generic.c | ||
| hmac.c | ||
| internal.h | ||
| Kconfig | ||
| khazad.c | ||
| krng.c | ||
| lrw.c | ||
| lzo.c | ||
| Makefile | ||
| md4.c | ||
| md5.c | ||
| memneq.c | ||
| michael_mic.c | ||
| pcbc.c | ||
| pcompress.c | ||
| pcrypt.c | ||
| proc.c | ||
| ripemd.h | ||
| rmd128.c | ||
| rmd160.c | ||
| rmd256.c | ||
| rmd320.c | ||
| rng.c | ||
| salsa20_generic.c | ||
| scatterwalk.c | ||
| seed.c | ||
| seqiv.c | ||
| serpent_generic.c | ||
| sha1_generic.c | ||
| sha256_generic.c | ||
| sha512_generic.c | ||
| shash.c | ||
| tcrypt.c | ||
| tcrypt.h | ||
| tea.c | ||
| testmgr.c | ||
| testmgr.h | ||
| tgr192.c | ||
| twofish_common.c | ||
| twofish_generic.c | ||
| vmac.c | ||
| wp512.c | ||
| xcbc.c | ||
| xor.c | ||
| xts.c | ||
| zlib.c | ||