[PATCH] crypto: testmgr - add guard to dst buffer for ahash_export

From: Jan Stancek
Date: Wed Sep 28 2016 - 10:38:54 EST

Next message: Paolo Bonzini: "Re: [PATCH 3/3] KVM: x86: do not scan IRR twice on APICv vmentry"
Previous message: Benjamin Tissoires: "[PATCH 4/4] Input: elan_i2c - add trackstick report"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Add a guard to 'state' buffer and warn if its consistency after
call to crypto_ahash_export() changes, so that any write that
goes beyond advertised statesize (and thus causing potential
memory corruption [1]) is more visible.

[1] https://marc.info/?l=linux-crypto-vger&m=147467656516085

Signed-off-by: Jan Stancek <jstancek@xxxxxxxxxx>
Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Cc: Marcelo Cerri <marcelo.cerri@xxxxxxxxxxxxx>
---
crypto/testmgr.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 5c9d5a5e7b65..96343bcae01e 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -209,16 +209,19 @@ static int ahash_partial_update(struct ahash_request **preq,
char *state;
struct ahash_request *req;
int statesize, ret = -EINVAL;
+ const char guard[] = { 0x00, 0xba, 0xad, 0x00 };

req = *preq;
statesize = crypto_ahash_statesize(
crypto_ahash_reqtfm(req));
- state = kmalloc(statesize, GFP_KERNEL);
+ state = kmalloc(statesize + sizeof(guard), GFP_KERNEL);
if (!state) {
pr_err("alt: hash: Failed to alloc state for %s\n", algo);
goto out_nostate;
}
+ memcpy(state + statesize, guard, sizeof(guard));
ret = crypto_ahash_export(req, state);
+ WARN_ON(memcmp(state + statesize, guard, sizeof(guard)));
if (ret) {
pr_err("alt: hash: Failed to export() for %s\n", algo);
goto out;
--
1.8.3.1

Next message: Paolo Bonzini: "Re: [PATCH 3/3] KVM: x86: do not scan IRR twice on APICv vmentry"
Previous message: Benjamin Tissoires: "[PATCH 4/4] Input: elan_i2c - add trackstick report"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]