Fix for yet another stack variable in crypto (rhbz 1427593)
This commit is contained in:
Laura Abbott
parent
476553105e
commit
1652b3b29e
|
|
@ -0,0 +1,49 @@
|
|||
From 3b30460c5b0ed762be75a004e924ec3f8711e032 Mon Sep 17 00:00:00 2001
|
||||
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||||
Date: Mon, 27 Feb 2017 15:30:56 +0000
|
||||
Subject: crypto: ccm - move cbcmac input off the stack
|
||||
|
||||
Commit f15f05b0a5de ("crypto: ccm - switch to separate cbcmac driver")
|
||||
refactored the CCM driver to allow separate implementations of the
|
||||
underlying MAC to be provided by a platform. However, in doing so, it
|
||||
moved some data from the linear region to the stack, which violates the
|
||||
SG constraints when the stack is virtually mapped.
|
||||
|
||||
So move idata/odata back to the request ctx struct, of which we can
|
||||
reasonably expect that it has been allocated using kmalloc() et al.
|
||||
|
||||
Reported-by: Johannes Berg <johannes@sipsolutions.net>
|
||||
Fixes: f15f05b0a5de ("crypto: ccm - switch to separate cbcmac driver")
|
||||
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||||
Tested-by: Johannes Berg <johannes@sipsolutions.net>
|
||||
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
||||
---
|
||||
crypto/ccm.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/crypto/ccm.c b/crypto/ccm.c
|
||||
index 4428488..1ce37ae 100644
|
||||
--- a/crypto/ccm.c
|
||||
+++ b/crypto/ccm.c
|
||||
@@ -45,6 +45,7 @@ struct crypto_rfc4309_req_ctx {
|
||||
|
||||
struct crypto_ccm_req_priv_ctx {
|
||||
u8 odata[16];
|
||||
+ u8 idata[16];
|
||||
u8 auth_tag[16];
|
||||
u32 flags;
|
||||
struct scatterlist src[3];
|
||||
@@ -183,8 +184,8 @@ static int crypto_ccm_auth(struct aead_request *req, struct scatterlist *plain,
|
||||
AHASH_REQUEST_ON_STACK(ahreq, ctx->mac);
|
||||
unsigned int assoclen = req->assoclen;
|
||||
struct scatterlist sg[3];
|
||||
- u8 odata[16];
|
||||
- u8 idata[16];
|
||||
+ u8 *odata = pctx->odata;
|
||||
+ u8 *idata = pctx->idata;
|
||||
int ilen, err;
|
||||
|
||||
/* format control data for input */
|
||||
--
|
||||
cgit v0.12
|
||||
|
||||
|
|
@ -593,6 +593,9 @@ Patch509: MODSIGN-Don-t-try-secure-boot-if-EFI-runtime-is-disa.patch
|
|||
#CVE-2016-3134 rhbz 1317383 1317384
|
||||
Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
|
||||
|
||||
#rhbz 1427593
|
||||
Patch666: ccm-stack.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -2157,6 +2160,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Tue Feb 28 2017 Laura Abbott <labbott@fedoraproject.org>
|
||||
- Fix for yet another stack variable in crypto (rhbz 1427593)
|
||||
|
||||
* Tue Feb 28 2017 Laura Abbott <labbott@fedoraproject.org> - 4.11.0-0.rc0.git6.1
|
||||
- Linux v4.10-10531-g86292b3
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue