From patchwork Wed Jul 11 03:59:05 2018
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 10518747
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Eric Biggers To: linux-crypto@vger.kernel.org, Herbert Xu Cc: Stephan Mueller , syzkaller-bugs@googlegroups.com, Eric Biggers Subject: [PATCH] crypto: dh - fix calculating encoded key size Date: Tue, 10 Jul 2018 20:59:05 -0700 Message-Id: <20180711035905.17809-1-ebiggers3@gmail.com> X-Mailer: git-send-email 2.18.0 In-Reply-To: <0000000000008faf3f05708f99c0@google.com> References: <0000000000008faf3f05708f99c0@google.com> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers It was forgotten to increase DH_KPP_SECRET_MIN_SIZE to include 'q_size', causing an out-of-bounds write of 4 bytes in crypto_dh_encode_key(), and an out-of-bounds read of 4 bytes in crypto_dh_decode_key(). Fix it. Also add a BUG_ON() if crypto_dh_encode_key() doesn't exactly fill the buffer, as that would have found this bug without resorting to KASAN. Reported-by: syzbot+6d38d558c25b53b8f4ed@syzkaller.appspotmail.com Fixes: e3fe0ae12962 ("crypto: dh - add public key verification test") Signed-off-by: Eric Biggers Reviewed-by: Stephan Müller --- crypto/dh_helper.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c index a7de3d9ce5ace..87ad6e2e87644 100644 --- a/crypto/dh_helper.c +++ b/crypto/dh_helper.c @@ -14,7 +14,7 @@ #include #include -#define DH_KPP_SECRET_MIN_SIZE (sizeof(struct kpp_secret) + 3 * sizeof(int)) +#define DH_KPP_SECRET_MIN_SIZE (sizeof(struct kpp_secret) + 4 * sizeof(int)) static inline u8 *dh_pack_data(void *dst, const void *src, size_t size) { 
@@ -61,7 +61,8 @@ int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params) ptr = dh_pack_data(ptr, params->key, params->key_size); ptr = dh_pack_data(ptr, params->p, params->p_size); ptr = dh_pack_data(ptr, params->q, params->q_size); - dh_pack_data(ptr, params->g, params->g_size); + ptr = dh_pack_data(ptr, params->g, params->g_size); + BUG_ON(ptr != (u8 *)buf + len); return 0; }
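Review bot: In the first hunk, the `4` in `DH_KPP_SECRET_MIN_SIZE` is still a bare literal that has to be kept in step by hand with the number of fields packed in crypto_dh_encode_key() (key, p, q, g), which is the same coupling that was missed when 'q_size' was added. Please add a comment on the define naming the four size fields it accounts for (key_size, p_size, q_size, g_size), so the next field added to the encoding makes the required bump obvious.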
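Review bot: In the second hunk, `BUG_ON(ptr != (u8 *)buf + len)` sits after all four dh_pack_data() calls, so a size mismatch is only detected once the bytes have already been written, and the response is to halt the kernel even though crypto_dh_encode_key() returns int and could report the failure. Consider `if (WARN_ON(ptr != (u8 *)buf + len)) return -EINVAL;` so the mismatch is still loud in testing but does not take down a production system. The commit message also describes a 4-byte out-of-bounds read in crypto_dh_decode_key(), yet the diff adds no matching end-of-buffer check on the decode side; an equivalent check there would catch the next miscount in both directions.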