Page MenuHomeFreeBSD
Differential D31730

aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()
ClosedPublic
Actions

Authored by markj on Aug 30 2021, 5:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Jan 13, 1:47 PM
Unknown Object (File)
Mon, Jan 12, 12:15 AM
Unknown Object (File)
Sun, Jan 11, 11:53 PM
Unknown Object (File)
Wed, Jan 7, 4:59 AM
Unknown Object (File)
Dec 2 2025, 4:08 PM
Unknown Object (File)
Nov 25 2025, 4:48 PM
Unknown Object (File)
Nov 14 2025, 9:45 AM
Unknown Object (File)
Nov 11 2025, 11:51 PM
View All Files
Subscribers
imp
jmg

Details

Reviewers
jhb
cem
Commits
rG564b6aa7fccd: aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()
Summary

Given a partial block at the end of a payload, aes_encrypt_icm() would
perform a 16-byte load of the residual into a temporary variable. This
is unsafe in principle since the full block may cross a page boundary.
Fix the problem by copying up to the end of input into a stack variable
and operating on that instead.

Reported by: syzbot+b7e44cde9e2e89f0f6c9@syzkaller.appspotmail.com
Reported by: syzbot+4b5eaf123a99456b5160@syzkaller.appspotmail.com

Test Plan

cryptocheck (which is also able to trigger the panic with KASAN enabled)

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
crypto/
aesni/
18 lines

Diff 94383

View Options

sys/crypto/aesni/aesni_wrap.c

Loading...