Re: BUG: Seems un-initialed dst pointer received from algif_aead when outlen is zero

On Tue, Mar 21, 2017 at 04:00:04PM +0100, Stephan Müller wrote:
> On Tuesday, 21 March 2017, 14:23:31 CET, Harsh Jain wrote:
> 
> Hi Harsh,
> 
> > Yes, the driver can figure out when to discard the dst SGL, but for that the
> > driver has to put checks before accessing the dst SGL. Isn't it better if
> > AF_ALG sends NULL for the dst SGL?
> 
> With the code in [1], the first longer patch is planned to be merged after the 
> memory management changes are agreed upon. That patch contains:
> 
> +               /* chain the areq TX SGL holding the tag with RX SGL */
> +               if (!last_rsgl) {
> +                       /* no RX SGL present (e.g. only authentication) */
> +                       sg_init_table(areq->first_rsgl.sgl.sg, 2);
> +                       sg_chain(areq->first_rsgl.sgl.sg, 2, areq->tsgl);
> +               } else {
> +                       /* RX SGL present */
> +                       struct af_alg_sgl *sgl_prev = &last_rsgl->sgl;
> +
> +                       sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1);
> +                       sg_chain(sgl_prev->sg, sgl_prev->npages + 1, areq-
> >tsgl);
> +               }
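
Review bot: In the !last_rsgl branch, sg_init_table(areq->first_rsgl.sgl.sg, 2) followed by sg_chain(areq->first_rsgl.sgl.sg, 2, areq->tsgl) turns entry 1 into the chain link and leaves entry 0 as an empty element with no page, so the list starts with a zero-length entry that every consumer has to tolerate. Using areq->tsgl directly when no RX SGL is present would avoid that, or the comment should state the requirement. In the else branch, sg_chain(sgl_prev->sg, sgl_prev->npages + 1, ...) relies on sgl_prev->sg having one spare slot past npages; that is not visible in this hunk and deserves a comment where the array is sized.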
> 
> 
> This code snippet would do exactly what you want: the SGL is always 
> initialized. Besides, the code will do an in-place cipher operation.
> 
> [1] https://www.spinics.net/lists/linux-crypto/msg24343.html

Even if we fix this one user of the crypto API, new users could
still feed you bogus SG lists.  The API does not require the user
to specify a NULL SG list so please fix this in the driver.

We should also strengthen testmgr so that it provides something
bogus to catch buggy drivers.

Thanks,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
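
Added example (not part of the original thread and not kernel code): a userland C model of the driver-side check asked for above, where dst is read only when the request produces output, exercised with a bogus dst of the kind a stricter self-test could supply. The `model_*` types and functions are hypothetical stand-ins for the scatterlist and the AEAD request, and associated data is left out.

```c
/* Userland model, constructed for illustration: not kernel code.
 * All model_* names are hypothetical; associated data is left out. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct model_sg {              /* stand-in for one scatterlist entry */
    unsigned char *buf;
    size_t len;
    struct model_sg *next;     /* NULL ends the list */
};

struct model_req {             /* the request fields a driver would read */
    struct model_sg *dst;      /* may be garbage when no output is due */
    size_t cryptlen;           /* input length; includes the tag on decrypt */
    size_t authsize;           /* tag length */
    int decrypt;
};

/* Bytes the operation writes to dst, or -1 for a malformed request. */
long model_outlen(const struct model_req *r)
{
    if (!r->decrypt)
        return (long)(r->cryptlen + r->authsize);
    return r->cryptlen < r->authsize ? -1 : (long)(r->cryptlen - r->authsize);
}

/* Copy the result into dst; dst is dereferenced only if outlen > 0. */
int model_write_dst(const struct model_req *r, const unsigned char *out)
{
    long left = model_outlen(r);
    struct model_sg *sg;

    if (left <= 0)
        return left < 0 ? -1 : 0;   /* outlen == 0: never look at dst */
    for (sg = r->dst; sg && left > 0; sg = sg->next) {
        size_t n = sg->len < (size_t)left ? sg->len : (size_t)left;
        if (n)                      /* skip empty entries */
            memcpy(sg->buf, out, n);
        out += n;
        left -= (long)n;
    }
    return left == 0 ? 0 : -1;      /* -1: dst shorter than the output */
}

int main(void)
{
    /* Tag-only decrypt with a bogus dst, as a stricter self-test might pass. */
    struct model_req r = { (struct model_sg *)(size_t)0x1, 16, 16, 1 };
    printf("bogus dst, outlen 0 -> %d\n", model_write_dst(&r, NULL));
    return 0;
}
```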
