[PATCH v2] arm64/crypto: poly1305 fix a read out-of-bound
Eric Biggers
ebiggers at kernel.org
Wed Jul 20 19:34:18 PDT 2022
On Tue, Jul 12, 2022 at 03:50:31PM +0800, GUO Zihua wrote:
> int init(void)
> {
> 	struct crypto_shash *tfm = NULL;
> 	struct shash_desc *desc = NULL;
> 	char *data = NULL;
>
> 	tfm = crypto_alloc_shash("poly1305", 0, 0);
> 	desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_KERNEL);
> 	desc->tfm = tfm;
>
> 	data = kmalloc(POLY1305_KEY_SIZE - 1, GFP_KERNEL);
> 	memcpy(data, test_data, POLY1305_KEY_SIZE - 1);
> 	crypto_shash_update(desc, data, POLY1305_KEY_SIZE - 1);
> 	crypto_shash_final(desc, data);
> 	kfree(data);
> 	return 0;
> }
This isn't actually a valid test case since it never calls crypto_shash_init().
So the behavior of this test is undefined both before and after this patch. The
simplest way to write a correct test would be to use crypto_shash_tfm_digest().
Anyway, the bug is still real and this patch is still the correct fix, so it's
good enough to add my reviewed-by:
Reviewed-by: Eric Biggers <ebiggers at google.com>
- Eric