Page MenuHomeFreeBSD

aesni: Fix yet another out-of-bounds read
ClosedPublic

Authored by markj on Dec 15 2021, 5:20 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 28, 10:09 AM
Unknown Object (File)
Sat, Nov 16, 10:22 PM
Unknown Object (File)
Fri, Nov 15, 11:43 PM
Unknown Object (File)
Mon, Nov 11, 10:33 PM
Unknown Object (File)
Thu, Nov 7, 12:27 PM
Unknown Object (File)
Oct 26 2024, 9:08 AM
Unknown Object (File)
Oct 15 2024, 6:57 PM
Unknown Object (File)
Oct 12 2024, 8:26 AM
Subscribers

Details

Summary

This is the same as 4285655adb74 ("aesni: Avoid a potential
out-of-bounds load in AES_GCM_encrypt()") except for the decryption
path. I failed to notice this last time since I assumed that encryption
and decryption use the same routine, like the CTR mode implementation
does.

Reported by: Jenkins (KASAN job)

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 43381
Build 40269: arc lint + arc unit

Event Timeline

markj requested review of this revision.Dec 15 2021, 5:20 PM

LGTM modulo overflow concern and what looks like a typo.

sys/crypto/aesni/aesni_ghash.c
793

Is this correct if nbytes was > 2GB? nbytes is a uint32 but resid is (signed) integer.

807

typo

sys/crypto/aesni/aesni_ghash.c
793

I think it still happens to work. Note that OCF itself can only describe buffers up to 2GB anyway (crp_payload_length is an int I think?)

markj marked 3 inline comments as done.

Drop the use of resid entirely, this is consistent with AES_GCM_encrypt() anyway.

This revision is now accepted and ready to land.Dec 15 2021, 8:03 PM