Re: [PATCH] crypto: rsa - fix buffer overread when stripping leading zeroes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH] crypto: rsa - fix buffer overread when stripping leading zeroes
From: David Howells <dhowells@xxxxxxxxxx>
Date: Tue, 28 Nov 2017 10:55:40 +0000
Cc: dhowells@xxxxxxxxxx, keyrings@xxxxxxxxxxxxxxx, linux-crypto@xxxxxxxxxxxxxxx, Alexander Potapenko <glider@xxxxxxxxxx>, Eric Biggers <ebiggers@xxxxxxxxxx>, stable@xxxxxxxxxxxxxxx, Tudor Ambarus <tudor-dan.ambarus@xxxxxxx>
In-reply-to: <20171127071649.25800-1-ebiggers3@gmail.com>
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903

Eric Biggers <ebiggers3@xxxxxxxxx> wrote:

> In rsa_get_n(), if the buffer contained all 0's and "FIPS mode" is
> enabled, we would read one byte past the end of the buffer while
> scanning the leading zeroes.  Fix it by checking 'n_sz' before '!*ptr'.

Reviewed-by: David Howells <dhowells@xxxxxxxxxx>

References:
- [PATCH] crypto: rsa - fix buffer overread when stripping leading zeroes
  - From: Eric Biggers

Prev by Date: [PATCH 4.9 068/138] IB/srpt: Do not accept invalid initiator port names
Next by Date: [PATCH 4.9 065/138] libnvdimm, pfn: make resource attribute only readable by root
Previous by thread: Re: [PATCH] crypto: rsa - fix buffer overread when stripping leading zeroes
Next by thread: Re: [PATCH] crypto: rsa - fix buffer overread when stripping leading zeroes
Index(es):
- Date
- Thread

[Index of Archives] [Linux Kernel] [Kernel Development Newbies] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite Hiking] [Linux Kernel] [Linux SCSI]