Page MenuHomeFreeBSD

aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()
ClosedPublic

Authored by markj on Aug 30 2021, 5:40 PM.

Details

Summary

Given a partial block at the end of a payload, aes_encrypt_icm() would
perform a 16-byte load of the residual into a temporary variable. This
is unsafe in principle since the full block may cross a page boundary.
Fix the problem by copying up to the end of input into a stack variable
and operating on that instead.

Reported by: syzbot+b7e44cde9e2e89f0f6c9@syzkaller.appspotmail.com
Reported by: syzbot+4b5eaf123a99456b5160@syzkaller.appspotmail.com

Test Plan

cryptocheck (which is also able to trigger the panic with KASAN enabled)

Diff Detail

Repository
R10 FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.