Page MenuHomeFreeBSD
Differential D31730

aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()
ClosedPublic
Actions

Authored by markj on Aug 30 2021, 5:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Apr 21, 9:38 PM
Unknown Object (File)
Fri, Apr 19, 11:50 AM
Unknown Object (File)
Sat, Apr 6, 2:24 PM
Unknown Object (File)
Sun, Mar 31, 12:16 AM
Unknown Object (File)
Sun, Mar 31, 12:16 AM
Unknown Object (File)
Sun, Mar 31, 12:16 AM
Unknown Object (File)
Sat, Mar 30, 11:48 PM
Unknown Object (File)
Feb 5 2024, 12:15 PM
View All 39 Files
Subscribers
imp
jmg

Details

Reviewers
jhb
cem
Commits
rG564b6aa7fccd: aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()
Summary

Given a partial block at the end of a payload, aes_encrypt_icm() would
perform a 16-byte load of the residual into a temporary variable. This
is unsafe in principle since the full block may cross a page boundary.
Fix the problem by copying up to the end of input into a stack variable
and operating on that instead.

Reported by: syzbot+b7e44cde9e2e89f0f6c9@syzkaller.appspotmail.com
Reported by: syzbot+4b5eaf123a99456b5160@syzkaller.appspotmail.com

Test Plan

cryptocheck (which is also able to trigger the panic with KASAN enabled)

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 41265
Build 38154: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
crypto/
aesni/
18 lines

Diff 94382

View Options

sys/crypto/aesni/aesni_wrap.c

Loading...