From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Salah Coronya, Milan Broz, Mike Snitzer
Subject: [PATCH 4.14 73/89] dm crypt: fix crash by adding missing check for auth key size
Date: Mon, 22 Jan 2018 09:45:53 +0100
Message-Id: <20180122084001.738154663@linuxfoundation.org>
In-Reply-To: <20180122083954.683903493@linuxfoundation.org>

4.14-stable review patch. If anyone has any objections, please let me know.

------------------

From: Milan Broz

commit 27c7003697fc2c78f965984aa224ef26cd6b2949 upstream.

If dm-crypt uses authenticated mode with separate MAC, there are two
concatenated parts of the key structure - key(s) for encryption and
authentication key.

Add a missing check for authenticated key length. If this key length is
smaller than actually provided key, dm-crypt now properly fails instead of
crashing.

Fixes: ef43aa3806 ("dm crypt: add cryptographic data integrity protection (authenticated encryption)")
Reported-by: Salah Coronya
Signed-off-by: Milan Broz
Signed-off-by: Mike Snitzer
Signed-off-by: Greg Kroah-Hartman
---
 drivers/md/dm-crypt.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -1954,10 +1954,15 @@ static int crypt_setkey(struct crypt_con /* Ignore extra keys (which are used for IV etc) */ subkey_size = crypt_subkey_size(cc); - if (crypt_integrity_hmac(cc)) + if (crypt_integrity_hmac(cc)) { + if (subkey_size < cc->key_mac_size) + return -EINVAL; + crypt_copy_authenckey(cc->authenc_key, cc->key, subkey_size - cc->key_mac_size, cc->key_mac_size); + } + for (i = 0; i < cc->tfms_count; i++) { if (crypt_integrity_hmac(cc)) r = crypto_aead_setkey(cc->cipher_tfm.tfms_aead[i],
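
Review bot: The new guard in crypt_setkey() rejects `subkey_size < cc->key_mac_size` but still accepts `subkey_size == cc->key_mac_size`, so crypt_copy_authenckey() is then called with an encryption key length of `subkey_size - cc->key_mac_size`, which is 0. The hunk does not show whether the following crypto_aead_setkey() call rejects an empty encryption key, so either confirm that it does or tighten the comparison to `<=` so that an authenticated mode without any cipher key material fails here with -EINVAL. A one-line comment above the check saying that it protects the `subkey_size - cc->key_mac_size` subtraction from going below zero would also help, since the reason for the check is otherwise only recorded in the commit message.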