Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3016708imu; Mon, 19 Nov 2018 09:24:07 -0800 (PST) X-Google-Smtp-Source: AJdET5fX0jBOwLgDR3VUBgxEkYx5cBH0Wi9JqzI4amqSOs/S+n9KH+Jihg+3n8EIR75pSIVc8ab7 X-Received: by 2002:a63:4e41:: with SMTP id o1mr21284374pgl.282.1542648247694; Mon, 19 Nov 2018 09:24:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542648247; cv=none; d=google.com; s=arc-20160816; b=ltY+eZe2dnNhLjS2lY/srbpoHUsfiEMDvk7OzlbuNUje+lu+CbmXwDebO08WPY9Jcp ztQDr9V8vrr/QOOYF4ffkSADwSW82x6t5ZMB6XAAyxVvGiSZEY1rhchws2lgv+fZgauY Inzs/7GzV9kO8JMTYg9/lm9efp42P/zDRGWA7B3RRLIFkuc+6KlaNJ29Ubnt9hVTIMrf jHiRdGH2Ti91AH7gK4KHPuMeBLckKP92pPltof3j0/vewVWTZBRwTyC8kS6QKjN9Wr2k 1ayMMGT8BWLX0IGcJ5fojooJL1aC8yBJWWrwOfIvbcJjYpOYTgyNxz8tfaPA2DyCSETz TE/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=/SOTkK2XiTztZr+YSTeIRvmM864dOTDjKG2m99INuVk=; b=pGygK1VFdv0rdZqVtP5BA+1MQJWWzB9+q7k9bjb/lsMw2ortj+8yupk+bCuP7PSzUu 31q6NZWroP7aj1d99eKxGKfN+DWyXVt4tcTQcwi4rwyRGt+nf0pmt9Cn2Z2ef9ZR/VC0 ktMRZkM9UweGrB9O/1fTlCOGOgM8TmTu/UeUis/ov18lelYWmjUoXRHjcmn+G1dO6TLc kIzfURfTW3AzcT42KywMT/5vcS2ZEddaQi53ealV/RTR07gProxWUqDCZlYPfCAK67Ic JDl/eH2UnHhecvRvLEMWFDrdu14qmOKIKwwXOtScbOIgRHhaMtCsi7QZ5f+KDaDi208V 1wdQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=D22O+lbr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s17si39095386pgi.513.2018.11.19.09.23.46; Mon, 19 Nov 2018 09:24:07 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=D22O+lbr; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404814AbeKTDWh (ORCPT + 99 others); Mon, 19 Nov 2018 22:22:37 -0500 Received: from mail.kernel.org ([198.145.29.99]:34302 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404112AbeKTDWf (ORCPT ); Mon, 19 Nov 2018 22:22:35 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id F07A42146D; Mon, 19 Nov 2018 16:58:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1542646700; bh=t998XcIaJ4OU++dAcZKXyhGB4PyfmUBZy84U+MlFKKs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=D22O+lbroR7YV/guQNTDvdaBKW0vHEG8x9n31zuyldR56IwSXOcJNXskc9KlL0RJq nWtPeqQBkNSSQetsJT9d9O6vlDyFDfTol2v90qulBX0X7Q9ZjOUxrDencXR5Gf7Bor wWAelu1zw8hU1jbFUhyQ753YhlCmyOBqdu8JRzIU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , Ondrej Mosnacek , Herbert Xu Subject: [PATCH 4.4 056/160] crypto: lrw - Fix out-of bounds access on counter overflow Date: Mon, 19 Nov 2018 17:28:15 +0100 Message-Id: <20181119162636.914813819@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181119162630.031306128@linuxfoundation.org> References: <20181119162630.031306128@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ondrej Mosnacek commit fbe1a850b3b1522e9fc22319ccbbcd2ab05328d2 upstream. When the LRW block counter overflows, the current implementation returns 128 as the index to the precomputed multiplication table, which has 128 entries. This patch fixes it to return the correct value (127). Fixes: 64470f1b8510 ("[CRYPTO] lrw: Liskov Rivest Wagner, a tweakable narrow block cipher mode") Cc: # 2.6.20+ Reported-by: Eric Biggers Signed-off-by: Ondrej Mosnacek Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/lrw.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/crypto/lrw.c +++ b/crypto/lrw.c @@ -132,7 +132,12 @@ static inline int get_index128(be128 *bl return x + ffz(val); } - return x; + /* + * If we get here, then x == 128 and we are incrementing the counter + * from all ones to all zeros. This means we must return index 127, i.e. + * the one corresponding to key2*{ 1,...,1 }. + */ + return 127; } static int crypt(struct blkcipher_desc *d,