On Mon, Jul 16, 2018 at 09:21:49PM -0700, Kees Cook wrote: > In the quest to remove all stack VLA usage from the kernel[1], this caps > the ahash request size similar to the other limits and adds a sanity > check at initialization. AHASH_REQUEST_ON_STACK is special, though: it > is only ever used for shash-wrapped ahash, so its size is bounded only > by non-async hashes. A manual inspection of this shows the largest to be: > sizeof(struct shash_desc) + SHASH_MAX_DESCSIZE > > [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@xxxxxxxxxxxxxx > > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > crypto/shash.c | 9 ++++++++- > include/crypto/hash.h | 10 +++++++++- > 2 files changed, 17 insertions(+), 2 deletions(-) > > diff --git a/crypto/shash.c b/crypto/shash.c > index 8d4746b14dd5..e344560458cb 100644 > --- a/crypto/shash.c > +++ b/crypto/shash.c > @@ -355,6 +355,7 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm) > struct crypto_ahash *crt = __crypto_ahash_cast(tfm); > struct crypto_shash **ctx = crypto_tfm_ctx(tfm); > struct crypto_shash *shash; > + size_t reqsize; > > if (!crypto_mod_get(calg)) > return -EAGAIN; > @@ -365,6 +366,12 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm) > return PTR_ERR(shash); > } > > + reqsize = sizeof(struct shash_desc) + crypto_shash_descsize(shash); > + if (WARN_ON(reqsize > AHASH_MAX_REQSIZE)) { > + crypto_mod_put(calg); > + return -EINVAL; > + } 'crypto_free_shash(shash);' instead of 'crypto_mod_put(calg);' - Eric
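Review bot: In the second crypto/shash.c hunk, the new 'reqsize > AHASH_MAX_REQSIZE' failure path returns -EINVAL after the shash has already been obtained (the context just above it returns PTR_ERR(shash) for the failed case), yet it only calls crypto_mod_put(calg), so the shash tfm is never released on this path. Release the tfm itself here, as the crypto_free_shash(shash) suggested in the reply does, rather than dropping only the module reference. Since the check sits in crypto_init_shash_ops_async() and so runs on each initialization, WARN_ON_ONCE in place of WARN_ON would also keep one oversized descriptor from logging a warning every time it is instantiated.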