Page MenuHomeFreeBSD

aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()
ClosedPublic

Authored by markj on Aug 30 2021, 5:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Oct 17, 2:38 AM
Unknown Object (File)
Mon, Oct 13, 3:47 AM
Unknown Object (File)
Sun, Oct 12, 6:57 PM
Unknown Object (File)
Sun, Oct 12, 6:03 PM
Unknown Object (File)
Sun, Oct 12, 4:50 PM
Unknown Object (File)
Sun, Oct 12, 8:58 AM
Unknown Object (File)
Mon, Oct 6, 6:43 PM
Unknown Object (File)
Mon, Sep 29, 6:45 PM
Subscribers

Details

Summary

Given a partial block at the end of a payload, aes_encrypt_icm() would
perform a 16-byte load of the residual into a temporary variable. This
is unsafe in principle since the full block may cross a page boundary.
Fix the problem by copying up to the end of input into a stack variable
and operating on that instead.

Reported by: syzbot+b7e44cde9e2e89f0f6c9@syzkaller.appspotmail.com
Reported by: syzbot+4b5eaf123a99456b5160@syzkaller.appspotmail.com

Test Plan

cryptocheck (which is also able to trigger the panic with KASAN enabled)

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable