On Wed, Sep 06, 2017 at 10:10:08PM +0200, Stephan Müller wrote: > Am Mittwoch, 6. September 2017, 21:22:44 CEST schrieb Stephan Müller: > > Hi Herbert, > > > With AF_ALG, AAD len and cryptlen can be set freely by unprivileged > > user space. The cipher implementation must therefore validate the input > > data for sanity. For AEAD ciphers, this implies that cryptlen must be > > at least as large as AAD size. > > > > This fixes a kernel crash that can be triggered via AF_ALG detected by > > the fuzzing test implemented with libkcapi. > > What is your opinion: should this check be rather added to crypto_aead_encrypt > (similar to a sanity check found in crypto_aead_decrypt)? Doesn't this apply to decryption as well? Perhaps we can simply truncate assoclen in aead_request_set_ad. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt