Page MenuHomeFreeBSD
Differential D31730

aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()
ClosedPublic
Actions

Authored by markj on Aug 30 2021, 5:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, May 10, 11:38 PM
Unknown Object (File)
Thu, May 2, 1:03 PM
Unknown Object (File)
Sun, Apr 28, 5:48 PM
Unknown Object (File)
Sun, Apr 21, 9:38 PM
Unknown Object (File)
Fri, Apr 19, 11:50 AM
Unknown Object (File)
Apr 6 2024, 2:24 PM
Unknown Object (File)
Mar 31 2024, 12:16 AM
Unknown Object (File)
Mar 31 2024, 12:16 AM
View All 42 Files
Subscribers
imp
jmg

Details

Reviewers
jhb
cem
Commits
rG564b6aa7fccd: aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()
Summary

Given a partial block at the end of a payload, aes_encrypt_icm() would
perform a 16-byte load of the residual into a temporary variable. This
is unsafe in principle since the full block may cross a page boundary.
Fix the problem by copying up to the end of input into a stack variable
and operating on that instead.

Reported by: syzbot+b7e44cde9e2e89f0f6c9@syzkaller.appspotmail.com
Reported by: syzbot+4b5eaf123a99456b5160@syzkaller.appspotmail.com

Test Plan

cryptocheck (which is also able to trigger the panic with KASAN enabled)

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
crypto/
aesni/
18 lines

Diff 94383

View Options

sys/crypto/aesni/aesni_wrap.c

Loading...