Received: by 10.192.165.148 with SMTP id m20csp1430719imm; Sat, 5 May 2018 11:54:36 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpaKvb++bce+RZ+PhxD+OfMS/NvcG1dY/2WfemShj7UGg6DFh6prxUYbYXFLWCBMSGT1/3L X-Received: by 10.98.50.198 with SMTP id y189mr26069370pfy.241.1525546476430; Sat, 05 May 2018 11:54:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525546476; cv=none; d=google.com; s=arc-20160816; b=eDDPt4aqj4eWMo6i8l678KuVzmRWapooG80ZbDMx78WUCYmasZ6na1LUd/+9Y/aBX+ M7ZNI9+AawH6MPnNXV0voSZmw543LWtW9pRnFeWslsVlCbGzLROMM6DlfVgkt5yOrnQ6 Zv/B6VI+snphiv6KnU9alnDGuqVQKRL/wNedTcT1/F/PBtSrwqfcSvi3bVbzTFal7as7 +HFDjg1ANh77vMUpWDD1PVW2jU2WPt6vaZ/Wr0p/2+xpnfjjEvSCLeW+iSNdw+n9if8M Dyj4GhmZzwJ5fjI7Io9u5bqLr+4fkeqZbPCYRNgCx1f8lYD05Zo2jzgKW91YBypATHkH BXXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=e8ywChB9lGmWpaFESnVe00nXPMFiaWvK1Y2GPR+cwHk=; b=0U86+110v9OcF1LxpteIbKYTAJHjlHuSt50yiL7QIEr2U96cCJRoz66CpukqFwEp9B tBq0xTJ1smhTXmwgBlp0yFb98ZGXIEb+xORDZ//a1XX072hUaPtkdulIvRX6MuNwZCyx wJwvE9hBbCMx/grw4QWygWVXAFqU+/NJpOY1TitiqXEF+2NSIuZXbmkzpv3xhJGY8C0r uEfV28OLuluRni/jRqjKy6VizYnu5Xc886+HtnJLvAP7JU1M8GPYL1cNt1Y6xL3M7BmM euzVWGvKH7PgMi3PgE9JHleML7nblXrQbZa4kMnPHjSrOxXj+BuFR6TXKVnoY+Tp2LsS CXbA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@umn.edu header.s=google header.b=CIX2Beey; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umn.edu Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x133si19177668pfd.124.2018.05.05.11.54.21; Sat, 05 May 2018 11:54:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@umn.edu header.s=google header.b=CIX2Beey; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umn.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751852AbeEESyG (ORCPT + 99 others); Sat, 5 May 2018 14:54:06 -0400 Received: from mta-p8.oit.umn.edu ([134.84.196.208]:58770 "EHLO mta-p8.oit.umn.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751824AbeEESyE (ORCPT ); Sat, 5 May 2018 14:54:04 -0400 Received: from localhost (unknown [127.0.0.1]) by mta-p8.oit.umn.edu (Postfix) with ESMTP id 04B99AFD for ; Sat, 5 May 2018 18:54:04 +0000 (UTC) X-Virus-Scanned: amavisd-new at umn.edu Received: from mta-p8.oit.umn.edu ([127.0.0.1]) by localhost (mta-p8.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D-7W72N0ONFR for ; Sat, 5 May 2018 13:54:03 -0500 (CDT) Received: from mail-it0-f71.google.com (mail-it0-f71.google.com [209.85.214.71]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p8.oit.umn.edu (Postfix) with ESMTPS id CE5CEB1F for ; Sat, 5 May 2018 13:54:03 -0500 (CDT) Received: by mail-it0-f71.google.com with SMTP id l204-v6so5450850ita.1 for ; Sat, 05 May 2018 11:54:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; h=from:to:cc:subject:date:message-id; bh=e8ywChB9lGmWpaFESnVe00nXPMFiaWvK1Y2GPR+cwHk=; b=CIX2Beeypux9LJteFO7i1hf4MS59p8cWKT1ewoC9jCY4synzPBKf751KDvLpPvfDIf Ks39JAAAjVX0Al+hcR16XpRLxue122KWn3gqWFIrepIt5BqKsHPobH6nfvIsKa8dfdfU Hv7sz+Q9bMadB31eFxNduZSsEdNJnWvAFVNaeauMd79lpeIX/Gd1UAB/mKBO9Ibk/RiK MecT8NMr1iDNpnPxhGIyozzfoEjfRawf068NbU6VYx9UI1sIHi7SN7Y4tVS961Txlrei HMbYSx6z57m8sv8yCLlOxhXFVYmJZp+b6JEGe8ayFbEKsZFVznc0UVEtY+IXnaj2kDGR 0xdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=e8ywChB9lGmWpaFESnVe00nXPMFiaWvK1Y2GPR+cwHk=; b=g9PcIxr3Lt5I4hS0Swtrm46msEZ/oyjswC/DpcrnST0GLTnMYTGT5KrIEWIqXuSUNl v/yovivNSJeMBcB//nIqriQnMx4eqOH/BVzsHSUxBeYnrcc/mQCjALFlumhWmd/guxXK 6vWFX6zh19l2jbp5xi8gI01oNNHNPF26hV907qqHzv0YsOHVWazp0zDXpYpBL/GAworZ G6Tl5NMNmkk8apqXrsdGMkyLI8fqHjkUiY9pZj/7amOszw03uvgwpmec+2F/1T3UW8I0 jI534dJueogDROTtZgsH7GYQXNA+3jTpseccUKAoyFbD4uUe2dqetkgGvcE6UlcydQJA 6c2g== X-Gm-Message-State: ALQs6tDwBr89h5UsVFDFpin92oVE+vEX+UFVP5dH17nsV7L/3EK57We8 XWUeMKKDWodyjRHOcSe3+v+atGeqw0oqWhZMV+bVY0zHqhPGT8jyV87Bk4ijv31KRjjP4mSn43y qjN5ys6GKCMJl5qA2hU9pKcCyQ3tu X-Received: by 2002:a6b:a4cb:: with SMTP id d72-v6mr35465180ioj.34.1525546443495; Sat, 05 May 2018 11:54:03 -0700 (PDT) X-Received: by 2002:a6b:a4cb:: with SMTP id d72-v6mr35465166ioj.34.1525546443265; Sat, 05 May 2018 11:54:03 -0700 (PDT) Received: from cs-u-cslp16.cs.umn.edu (cs-u-cslp16.cs.umn.edu. [134.84.121.95]) by smtp.gmail.com with ESMTPSA id 72-v6sm2332992itg.36.2018.05.05.11.54.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 05 May 2018 11:54:02 -0700 (PDT) From: Wenwen Wang To: Wenwen Wang Cc: Kangjie Lu , Harsh Jain , Herbert Xu , "David S. Miller" , Atul Gupta , Michael Werner , Casey Leedom , linux-crypto@vger.kernel.org (open list:CXGB4 CRYPTO DRIVER (chcr)), linux-kernel@vger.kernel.org (open list) Subject: [PATCH] crypto: chtls - fix a missing-check bug Date: Sat, 5 May 2018 13:53:48 -0500 Message-Id: <1525546431-12535-1-git-send-email-wang6495@umn.edu> X-Mailer: git-send-email 2.7.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In do_chtls_setsockopt(), the tls crypto info is first copied from the poiner 'optval' in userspace and saved to 'tmp_crypto_info'. Then the 'version' of the crypto info is checked. If the version is not as expected, i.e., TLS_1_2_VERSION, error code -ENOTSUPP is returned to indicate that the provided crypto info is not supported yet. Then, the 'cipher_type' field of the 'tmp_crypto_info' is also checked to see if it is TLS_CIPHER_AES_GCM_128. If it is, the whole struct of tls12_crypto_info_aes_gcm_128 is copied from the pointer 'optval' and then the function chtls_setkey() is invoked to set the key. Given that the 'optval' pointer resides in userspace, a malicious userspace process can race to change the data pointed by 'optval' between the two copies. For example, a user can provide a crypto info with TLS_1_2_VERSION and TLS_CIPHER_AES_GCM_128. After the first copy, the user can modify the 'version' and the 'cipher_type' fields to any versions and/or cipher types that are not allowed. This way, the user can bypass the checks, inject bad data to the kernel, cause chtls_setkey() to set a wrong key or other issues. This patch reuses the data copied in the first try so as to ensure these checks will not be bypassed. Signed-off-by: Wenwen Wang --- drivers/crypto/chelsio/chtls/chtls_main.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c b/drivers/crypto/chelsio/chtls/chtls_main.c index 007c45c..859958a 100644 --- a/drivers/crypto/chelsio/chtls/chtls_main.c +++ b/drivers/crypto/chelsio/chtls/chtls_main.c @@ -491,9 +491,13 @@ static int do_chtls_setsockopt(struct sock *sk, int optname, switch (tmp_crypto_info.cipher_type) { case TLS_CIPHER_AES_GCM_128: { - rc = copy_from_user(crypto_info, optval, - sizeof(struct - tls12_crypto_info_aes_gcm_128)); + /* Obtain version and type from previous copy */ + crypto_info[0] = tmp_crypto_info; + /* Now copy the following data */ + rc = copy_from_user(crypto_info + sizeof(*crypto_info), + optval + sizeof(*crypto_info), + sizeof(struct tls12_crypto_info_aes_gcm_128) + - sizeof(*crypto_info)); if (rc) { rc = -EFAULT; -- 2.7.4