HomeFreeBSD

aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()

Description

aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()

Given a partial block at the end of a payload, aes_encrypt_icm() would
perform a 16-byte load of the residual into a temporary variable. This
is unsafe in principle since the full block may cross a page boundary.
Fix the problem by copying the residual into a stack buffer first.

Reported by: syzbot+b7e44cde9e2e89f0f6c9@syzkaller.appspotmail.com
Reported by: syzbot+4b5eaf123a99456b5160@syzkaller.appspotmail.com
Reported by: syzbot+70c74c1aa232633355ca@syzkaller.appspotmail.com
Reported by: syzbot+2c663776a52828373d41@syzkaller.appspotmail.com
Reviewed by: cem, jhb
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31730

Details

Provenance
markjAuthored on Aug 30 2021, 6:22 PM
Reviewer
cem
Differential Revision
D31730: aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()
Parents
rG0637070b5bca: ngatm: remove one of doubled semicolons
Branches
Unknown
Tags
Unknown