Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3000491imu; Mon, 19 Nov 2018 09:11:22 -0800 (PST) X-Google-Smtp-Source: AJdET5domowmx6qzPjrFpuO81jDyDvdr+hwQwB0K/4TujKRngmhSTxyb4qxaAMygjSHsbUYkw+VA X-Received: by 2002:a17:902:112b:: with SMTP id d40-v6mr23160128pla.48.1542647482187; Mon, 19 Nov 2018 09:11:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542647482; cv=none; d=google.com; s=arc-20160816; b=i1A4O4lu/AAmuJoRvSTJr9Af2h9mCobMH/tsliKzsv67AuYdGu0C2M1fAJdW6rOopf 2MP+BA0uxHz15wYySHkWTv8qPC80ZPHosGW+3usnvsF3WmYh7ttMCwLeGwloEFraRMAn +ygk+3gy/XN7OKPpIH6HIFwWNUQeijEqo2a5iVXwsPlsE1o9hfsVL7OK7hceC1kDD2yI 1o71zoGxJ01sH5RKAj1YqebFzxv6Qt6mZoqRGzp4Un63FpZ5DiERHhkmEnLHcaP74X+p pugr57jvFdPlJkE1VkIr9XVqfPNUx275P8H9IxgYS3kurEdCoIKao1U/aoRCwUveZyd/ Hjdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=jYyYF1t2mHGVTY4ftPviwSWRuCLQ3rr+1qMjSuJVL4I=; b=XfxU+A4bbuOpOBSA7odooZDrVKPKXrOxgnbs7RGwfwJhlsXLlUfrkZOkQ2fCxydPrJ yTCG32w9UoAjzNc+cf3F+Nuz/gNjgq1NNkb8iT8pK9x7eQU3KMuAV1PuKYDqjtSDnqEr 5cxjXBHgJzK/GbV2GiZGHp3jZ7RZe6gjzz1bwLO5EkfBSJKs1Mx3QnSK3lVa04yUzo7B eEqz/FbANFz/wmBMqabZ5yf2YyR+6VV1uT8/zOePwpvVNlCXMN6G/kU1pn6uFZ/rpuVf HA37NX9h8Io9urzJVUznx+AaNAQhXyz/LOqcRBLMmvJE7AqHswqzIUHxkuN9ce5U/6Ib zrNw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ZwkRI3yY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m7si7504611pfc.118.2018.11.19.09.11.04; Mon, 19 Nov 2018 09:11:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ZwkRI3yY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2406976AbeKTDaO (ORCPT + 99 others); Mon, 19 Nov 2018 22:30:14 -0500 Received: from mail.kernel.org ([198.145.29.99]:45160 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2406208AbeKTDaN (ORCPT ); Mon, 19 Nov 2018 22:30:13 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E1C86214DA; Mon, 19 Nov 2018 17:05:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1542647155; bh=6Xfs7hyOugeosiZoLpLYdlacJpqkJgOzGEZlKGH0lVg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ZwkRI3yY3kwNZv2nwMiFE0VOfq1r6Kay35FSaXOLT1YaHRIHvSdsbvZEah2dEACv4 5WJAznd+m/XsPhJ+736I9eW023VGqf9I3Oz5o5JX6AIQ2AUXjVND/+wzSBuESdmill qSlTdU1kUM9qMKHcRrz3v6stcCow1Gcm7+t6fDW8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , Ondrej Mosnacek , Herbert Xu Subject: [PATCH 3.18 33/90] crypto: lrw - Fix out-of bounds access on counter overflow Date: Mon, 19 Nov 2018 17:29:15 +0100 Message-Id: <20181119162626.228476726@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181119162620.585061184@linuxfoundation.org> References: <20181119162620.585061184@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ondrej Mosnacek commit fbe1a850b3b1522e9fc22319ccbbcd2ab05328d2 upstream. When the LRW block counter overflows, the current implementation returns 128 as the index to the precomputed multiplication table, which has 128 entries. This patch fixes it to return the correct value (127). Fixes: 64470f1b8510 ("[CRYPTO] lrw: Liskov Rivest Wagner, a tweakable narrow block cipher mode") Cc: # 2.6.20+ Reported-by: Eric Biggers Signed-off-by: Ondrej Mosnacek Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/lrw.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/crypto/lrw.c +++ b/crypto/lrw.c @@ -132,7 +132,12 @@ static inline int get_index128(be128 *bl return x + ffz(val); } - return x; + /* + * If we get here, then x == 128 and we are incrementing the counter + * from all ones to all zeros. This means we must return index 127, i.e. + * the one corresponding to key2*{ 1,...,1 }. + */ + return 127; } static int crypt(struct blkcipher_desc *d,