On Wed, Jun 22, 2016 at 08:29:37PM +0200, Mathias Krause wrote:
> Commit 9aa867e46565 ("crypto: user - Add CRYPTO_MSG_DELRNG")
> accidentally removed the minimum size check for CRYPTO_MSG_GETALG
> netlink messages. This allows userland to send a truncated
> CRYPTO_MSG_GETALG message as short as a netlink header only making
> crypto_report() operate on uninitialized memory by accessing data
> beyond the end of the netlink message.
>
> Fix this be re-adding the minimum required size of CRYPTO_MSG_GETALG
> messages to the crypto_msg_min[] array.
>
> Fixes: 9aa867e46565 ("crypto: user - Add CRYPTO_MSG_DELRNG")
> Cc: stable@xxxxxxxxxxxxxxx # v4.2
> Signed-off-by: Mathias Krause <minipli@xxxxxxxxxxxxxx>
> Cc: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>
> ---
> This should go on top of crypto-2.6/master.
Patch applied to crypto. Thanks!
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
