[PATCH v3 1/7] crypto: handle zero sized AEAD inputs correctly

Eric Biggers ebiggers at kernel.org
Wed May 12 13:04:37 PDT 2021


On Wed, May 12, 2021 at 08:44:33PM +0200, Ard Biesheuvel wrote:
> There are corner cases where skcipher_walk_aead_[en|de]crypt() may be
> invoked with a zero sized input, which is not rejected by the walker
> code, but results in the skcipher_walk structure not being fully
> initialized. This will leave stale values in its page and buffer
> members, which will be subsequently passed to kfree() or free_page() by
> skcipher_walk_done(), resulting in a crash if those routines fail to
> identify them as invalid inputs.
> 
> Fix this by setting page and buffer to NULL even if the size of the
> input is zero.
> 
> Signed-off-by: Ard Biesheuvel <ardb at kernel.org>

Is this fixing an existing bug, or only a bug that got exposed by this patchset?
It would be helpful to make that clear (and if it fixes an existing bug, include
a Fixes tag).

Also, skcipher_walk_virt() doesn't set page and buffer to NULL, as it is
currently expected that skcipher_walk_done() is only called when
walk.nbytes != 0.  Is something different for skcipher_walk_aead_[en|de]crypt()?

- Eric
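
The failure mode the commit message describes, as an added model that is not the kernel's code and not part of this thread: the struct, the poison pattern used to stand in for stale stack contents, and the helper names (walk_init_buggy, walk_init_fixed, walk_done_would_free, cycle) are assumptions made for this illustration. It keeps only the one property that matters here: the teardown path skips the allocator when both page and buffer are NULL, and otherwise hands whatever they hold to it.

```c
/*
 * Added example, not kernel code: a stack-allocated model of a walker that
 * is initialised, then torn down. The struct layout, the 0xa5 poison and
 * the function names below are assumptions for the illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct model_walk {
	void *page;          /* bounce page; the kernel frees it with free_page() */
	void *buffer;        /* slow-path buffer; the kernel frees it with kfree() */
	unsigned int nbytes; /* bytes left for the caller to process */
	unsigned int total;
};

/* Stands in for stale stack contents left behind by an earlier call. */
static void poison_stack_slot(struct model_walk *w)
{
	memset(w, 0xa5, sizeof(*w));
}

/*
 * Buggy shape from the commit message: on a zero-sized input the walker
 * returns before it ever writes page or buffer, so they keep stale values.
 */
static int walk_init_buggy(struct model_walk *w, unsigned int total)
{
	w->total = total;
	w->nbytes = 0;
	if (total == 0)
		return 0;          /* page/buffer untouched */
	w->page = NULL;
	w->buffer = NULL;
	w->nbytes = total;
	return 0;
}

/* Fixed shape: page and buffer are cleared even when there is nothing to walk. */
static int walk_init_fixed(struct model_walk *w, unsigned int total)
{
	w->page = NULL;
	w->buffer = NULL;
	w->total = total;
	w->nbytes = total;
	return 0;
}

/*
 * Models the tail of a walk_done(): returns 0 when the "both NULL" fast
 * path skips freeing, 1 when page or buffer would be handed to the
 * allocator. With stale pointers that hand-off is the crash being fixed.
 */
static int walk_done_would_free(struct model_walk *w)
{
	w->nbytes = 0;
	if (!((uintptr_t)w->buffer | (uintptr_t)w->page))
		return 0;
	return 1;
}

/* One init/done cycle on a poisoned stack slot; returns the teardown verdict. */
static int cycle(int (*init)(struct model_walk *, unsigned int),
		 unsigned int total)
{
	struct model_walk w;

	poison_stack_slot(&w);
	init(&w, total);
	return walk_done_would_free(&w);
}

int buggy_zero_input_would_free(void) { return cycle(walk_init_buggy, 0); }
int fixed_zero_input_would_free(void) { return cycle(walk_init_fixed, 0); }
int buggy_nonzero_input_would_free(void) { return cycle(walk_init_buggy, 16); }

int main(void)
{
	printf("buggy init, zero input:    would_free=%d\n",
	       buggy_zero_input_would_free());
	printf("fixed init, zero input:    would_free=%d\n",
	       fixed_zero_input_would_free());
	printf("buggy init, 16-byte input: would_free=%d\n",
	       buggy_nonzero_input_would_free());
	return 0;
}
```

The non-zero case passes with either init because the normal path writes the pointers before returning; only the zero-length early return leaves the slot poisoned, which is why a NULL-on-entry (or, as the reply asks, a guarantee that done() is never reached with nbytes == 0) closes the gap.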
