Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp2815884pxb;
        Mon, 11 Jan 2021 22:05:13 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxj2Cf9Zkh6lgM0zH4oappghYwr2jbERUKsl/JXYROdqWHZOVYqyrMFuTUVjOv7YCTst41i
X-Received: by 2002:a05:6402:1d3b:: with SMTP id dh27mr2151974edb.238.1610431513340;
        Mon, 11 Jan 2021 22:05:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1610431513; cv=none;
        d=google.com; s=arc-20160816;
        b=oqQSzOmlCKZkrDO7zIciBk/1sFqj8KdAcP5CnugJ773GYviia+X1RauhiOIg+PBAO6
         2v1wBWR2Ib4FcsTcgXu/EXH49VL9LP5dQj7+F0FThxQDIDyid+4ghPKgeUmVhav0pPWv
         AzDJdN4cm5bOvjjF4Xf5g3Pc5ZZ9ioOsaH5lkOEbXfN419r2qgaVTm1/W0i2zn/9psCD
         lTnjrkLE5IG023NmBCpLM6bFqu7m3xVbrli85vzovGPa7YWesqW0cF9JRWnw5fhzUQ0a
         Iez3uOZFDSJwrf5quZUZMTkSPvMAmaT2QUYrTjuxF2stw6Pt/qxc+dQ7taB0nOzl++18
         cP1w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=pgv4wGixYcmVMEZSu8I9dQoT9ULzxB/fEzRd45FPENc=;
        b=HgMXqvtQaZXvqEv0N4M7fk2qK6MnA9WBFbjMYX+xysrTVb7XP1K6QYFLc0Q2iOdqJF
         BPATtmQXoprePHRaR6/4ifQHFGOXtuWBmLckJTflwlmSxArJ4LDxwHkagBo3/DyDAmcM
         T6u9CU6Kak/uUidhOFnXHRM3PaxRQiv9UKuKbnzxMnrnFD41FBxmV2NcQyDYFlDW0Eml
         OcN3IncYZXCQFzvlU3I8cNY0UEDdwLaMXmCcXzMJMr5nbOXVZqkdAKRh1/0kOZRVMLSm
         yrcU58m6gGkC/QOpqD2MbkbtmQ+hanTk7sarfWPup0yDL0/E06pmA5HoxCm12Wl+4LhE
         rk/A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="iRTfISL/";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id lt6si187226ejb.133.2021.01.11.22.04.49;
        Mon, 11 Jan 2021 22:05:13 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="iRTfISL/";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2387707AbhAKNnj (ORCPT <rfc822;linux.whf@gmail.com> + 99 others);
        Mon, 11 Jan 2021 08:43:39 -0500
Received: from mail.kernel.org ([198.145.29.99]:59068 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1730789AbhAKNL5 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 11 Jan 2021 08:11:57 -0500
Received: by mail.kernel.org (Postfix) with ESMTPSA id 4EBDD21534;
        Mon, 11 Jan 2021 13:11:16 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1610370676;
        bh=dCWYoSgP0H6MmMbGD2bGUmY/0stEmMVXnyrvmkctCRs=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=iRTfISL/sqt7jQhhLXjGfivls7f9PBROrg3GG7V4lQijfPUO71S7lBif20Yw0aiew
         KVYxU7xTFhnJsRs52vtKzuBY5m+zayj1mHhW2p6bPBTh1z59I4avw/uS9pgZNF5uT0
         sqz3qS2p1/TGWTyvHXoPDVPnWFux6EJgeqN2T3Sw=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Pavel Machek <pavel@denx.de>,
        Ard Biesheuvel <ardb@kernel.org>,
        Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 5.4 49/92] crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
Date:   Mon, 11 Jan 2021 14:01:53 +0100
Message-Id: <20210111130041.505768530@linuxfoundation.org>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20210111130039.165470698@linuxfoundation.org>
References: <20210111130039.165470698@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Ard Biesheuvel <ardb@kernel.org>

commit 0aa171e9b267ce7c52d3a3df7bc9c1fc0203dec5 upstream.

Pavel reports that commit 17858b140bf4 ("crypto: ecdh - avoid unaligned
accesses in ecdh_set_secret()") fixes one problem but introduces another:
the unconditional memcpy() introduced by that commit may overflow the
target buffer if the source data is invalid, which could be the result of
intentional tampering.

So check params.key_size explicitly against the size of the target buffer
before validating the key further.

Fixes: 17858b140bf4 ("crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()")
Reported-by: Pavel Machek <pavel@denx.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/ecdh.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -39,7 +39,8 @@ static int ecdh_set_secret(struct crypto
 	struct ecdh params;
 	unsigned int ndigits;
 
-	if (crypto_ecdh_decode_key(buf, len, &params) < 0)
+	if (crypto_ecdh_decode_key(buf, len, &params) < 0 ||
+	    params.key_size > sizeof(ctx->private_key))
 		return -EINVAL;
 
 	ndigits = ecdh_supported_curve(params.curve_id);