Re: [PATCH] crypto: user - re-add size check for CRYPTO_MSG_GETALG

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Donnerstag, 23. Juni 2016, 18:43:57 schrieb Herbert Xu:

Hi Herbert,

> On Wed, Jun 22, 2016 at 08:29:37PM +0200, Mathias Krause wrote:
> > Commit 9aa867e46565 ("crypto: user - Add CRYPTO_MSG_DELRNG")
> > accidentally removed the minimum size check for CRYPTO_MSG_GETALG
> > netlink messages. This allows userland to send a truncated
> > CRYPTO_MSG_GETALG message as short as a netlink header only making
> > crypto_report() operate on uninitialized memory by accessing data
> > beyond the end of the netlink message.
> > 
> > Fix this be re-adding the minimum required size of CRYPTO_MSG_GETALG
> > messages to the crypto_msg_min[] array.
> > 
> > Fixes: 9aa867e46565 ("crypto: user - Add CRYPTO_MSG_DELRNG")
> > Cc: stable@xxxxxxxxxxxxxxx	# v4.2
> > Signed-off-by: Mathias Krause <minipli@xxxxxxxxxxxxxx>
> > Cc: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>
> > ---
> > This should go on top of crypto-2.6/master.
> 
> Patch applied to crypto.  Thanks!

Please revert my patch eed1e1afd8d542d9644534c1b712599b5d680007 as requested 
by Matthias.


Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux