Re: [PATCH v2] arm64/crypto: poly1305 fix a read out-of-bound

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jul 12, 2022 at 03:50:31PM +0800, GUO Zihua wrote:
> int init(void)
> {
> 	struct crypto_shash *tfm = NULL;
> 	struct shash_desc *desc = NULL;
> 	char *data = NULL;
> 
> 	tfm = crypto_alloc_shash("poly1305", 0, 0);
> 	desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_KERNEL);
> 	desc->tfm = tfm;
> 
> 	data = kmalloc(POLY1305_KEY_SIZE - 1, GFP_KERNEL);
> 	memcpy(data, test_data, POLY1305_KEY_SIZE - 1);
> 	crypto_shash_update(desc, data, POLY1305_KEY_SIZE - 1);
> 	crypto_shash_final(desc, data);
> 	kfree(data);
> 	return 0;
> }

This isn't actually a valid test case since it never calls crypto_shash_init().
So the behavior of this test is undefined both before and after this patch.  The
simplest way to write a correct test would be to use crypto_shash_tfm_digest().

Anyway, the bug is still real and this patch is still the correct fix, so it's
good enough to add my reviewed-by:

	Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>

- Eric



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux