Page MenuHomeFreeBSD
Differential D31730

aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()
ClosedPublic
Actions

Authored by markj on Aug 30 2021, 5:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Dec 2, 4:08 PM
Unknown Object (File)
Tue, Nov 25, 4:48 PM
Unknown Object (File)
Nov 14 2025, 9:45 AM
Unknown Object (File)
Nov 11 2025, 11:51 PM
Unknown Object (File)
Nov 10 2025, 5:37 PM
Unknown Object (File)
Oct 27 2025, 4:40 PM
Unknown Object (File)
Oct 27 2025, 1:36 PM
Unknown Object (File)
Oct 26 2025, 7:28 PM
View All Files
Subscribers
imp
jmg

Details

Reviewers
jhb
cem
Commits
rG564b6aa7fccd: aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()
Summary

Given a partial block at the end of a payload, aes_encrypt_icm() would
perform a 16-byte load of the residual into a temporary variable. This
is unsafe in principle since the full block may cross a page boundary.
Fix the problem by copying up to the end of input into a stack variable
and operating on that instead.

Reported by: syzbot+b7e44cde9e2e89f0f6c9@syzkaller.appspotmail.com
Reported by: syzbot+4b5eaf123a99456b5160@syzkaller.appspotmail.com

Test Plan

cryptocheck (which is also able to trigger the panic with KASAN enabled)

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 41265
Build 38154: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
crypto/
aesni/
18 lines

Diff 94382

View Options

sys/crypto/aesni/aesni_wrap.c

Loading...