Re: [PATCH v2] keys/encrypted: Fix two crypto-on-the-stack bugs

From: Herbert Xu
Date: Wed Dec 14 2016 - 00:05:23 EST


On Tue, Dec 13, 2016 at 06:53:03PM -0800, Andy Lutomirski wrote:
> On Tue, Dec 13, 2016 at 6:48 PM, Andy Lutomirski <luto@xxxxxxxxxx> wrote:
> > The driver put a constant buffer of all zeros on the stack and
> > pointed a scatterlist entry at it in two places. This doesn't work
> > with virtual stacks. Use ZERO_PAGE instead.
>
> Wait a second...
>
> > - sg_set_buf(&sg_out[1], pad, sizeof pad);
> > + sg_set_buf(&sg_out[1], empty_zero_page, 16);
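
Review bot: sg_out[1] is an output scatterlist entry, so on the added line the operation writes its result into empty_zero_page. A shared page of zeros should not be used as a write target. Since the destination only has to absorb data that is discarded, point this entry at a dedicated scratch buffer that is not on the stack, such as one allocated for the call. The literal 16 also replaces sizeof pad; a named block-size constant would keep the length tied to the cipher instead of a magic number.
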
>
> My fix here is obviously bogus (I meant to use ZERO_PAGE(0)), but what
> exactly is the code trying to do? The old code makes no sense. It's
> setting the *output* buffer to zeroed padding.

It's decrypting so I presume it just needs the extra space for
the padding and the result will be thrown away.

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt