[B][C][SRU][PATCH 0/1] crypto: authenc - fix parsing key with misaligned rta_len

Po-Hsu Lin po-hsu.lin at canonical.com
Thu May 23 05:09:29 UTC 2019

BugLink: https://bugs.launchpad.net/bugs/1829725

== Justification ==
From the commit message:
Keys for "authenc" AEADs are formatted as an rtattr containing a 4-byte
'enckeylen', followed by an authentication key and an encryption key.
crypto_authenc_extractkeys() parses the key to find the inner keys.

However, it fails to consider the case where the rtattr's payload is
longer than 4 bytes but not 4-byte aligned, and where the key ends
before the next 4-byte aligned boundary.  In this case, 'keylen -=
RTA_ALIGN(rta->rta_len);' underflows to a value near UINT_MAX.  This
causes a buffer overread and crash during crypto_ahash_setkey().

This error can be easily reproduced with the af_alg06 test in LTP test
suite. (Basically it's the reproducer in the commit message)

== Fix ==
8f9c4693 (crypto: authenc - fix parsing key with misaligned rta_len)
This patch can be cherry-picked into B/C, and it's already in X/D/E.

== Test ==
Test kernels could be found here:

Both verified on a KVM node, this issue will no longer exist.

== Regression potential ==
Low, this patch just improves the checking for rtattr payload size to
make sure it's the expected size. Also, it has been upstream since 2018
Dec. and applied in some of our kernels. No subsequent bug report was
filed against it.

Eric Biggers (1):
  crypto: authenc - fix parsing key with misaligned rta_len

 crypto/authenc.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
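
An added illustration of the length arithmetic described under "Justification" (not code from this message or from the kernel patch): a userspace model of parsing the rtattr header, with the lenient payload check beside a strict one that requires the expected size. The function names, the `strict` flag and the 10-byte sample key are assumptions constructed for this example, and the model covers only the length checks.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN   4u                  /* rta_len (u16) + rta_type (u16) */
#define PARAM_LEN 4u                  /* the 4-byte 'enckeylen' payload */
#define ALIGN4(n) (((n) + 3u) & ~3u)  /* rounding done by RTA_ALIGN() */

/*
 * Returns 0 and stores in *rest the number of bytes the parser believes
 * follow the rtattr, or -1 if the key is rejected.
 * strict == 0: accept any payload of at least 4 bytes (lenient check).
 * strict == 1: require the payload to be exactly 4 bytes.
 */
static int authenc_rest_len(const uint8_t *key, unsigned int keylen,
                            int strict, unsigned int *rest)
{
    uint16_t rta_len;

    if (keylen < HDR_LEN)
        return -1;
    memcpy(&rta_len, key, sizeof(rta_len));    /* native-endian field */
    if (rta_len < HDR_LEN || rta_len > keylen) /* bound uses the unaligned length */
        return -1;

    unsigned int payload = rta_len - HDR_LEN;
    if (strict ? payload != PARAM_LEN : payload < PARAM_LEN)
        return -1;

    /* The subtraction at issue: the aligned length can exceed keylen. */
    *rest = keylen - ALIGN4((unsigned int)rta_len);
    return 0;
}

/* Constructed input: rta_len = 9 (5-byte payload) inside a 10-byte key. */
static unsigned int sample_key(uint8_t buf[10])
{
    uint16_t rta_len = 9;

    memset(buf, 0, 10);
    memcpy(buf, &rta_len, sizeof(rta_len));
    return 10;
}

int main(void)
{
    uint8_t buf[10];
    unsigned int rest = 0, n = sample_key(buf);

    if (authenc_rest_len(buf, n, 0, &rest) == 0)
        printf("lenient: accepted, remaining = %u\n", rest);
    if (authenc_rest_len(buf, n, 1, &rest) != 0)
        printf("strict:  rejected\n");
    return 0;
}
```

With the lenient check the 10-byte key passes validation and the remaining length wraps to a value near UINT_MAX; the strict check rejects the same key before the subtraction.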
