Page MenuHomeFreeBSD

aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()
ClosedPublic

Authored by markj on Aug 30 2021, 5:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jan 13, 5:17 PM
Unknown Object (File)
Dec 24 2022, 10:29 AM
Unknown Object (File)
Dec 24 2022, 10:29 AM
Unknown Object (File)
Dec 14 2022, 2:59 AM
Unknown Object (File)
Dec 12 2022, 2:11 AM
Unknown Object (File)
Dec 12 2022, 1:55 AM
Unknown Object (File)
Dec 2 2022, 2:32 AM
Subscribers

Details

Summary

Given a partial block at the end of a payload, aes_encrypt_icm() would
perform a 16-byte load of the residual into a temporary variable. This
is unsafe in principle since the full block may cross a page boundary.
Fix the problem by copying up to the end of input into a stack variable
and operating on that instead.

Reported by: syzbot+b7e44cde9e2e89f0f6c9@syzkaller.appspotmail.com
Reported by: syzbot+4b5eaf123a99456b5160@syzkaller.appspotmail.com

Test Plan

cryptocheck (which is also able to trigger the panic with KASAN enabled)

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable