There are corner cases where skcipher_walk_aead_encrypt() may be
invoked with a zero sized input, which is not rejected by the walker
code, but results in the skcipher_walk structure to not be fully
initialized. This will leave stale values in its page and buffer
members, which will be subsequently passed to kfree() or free_page() by
skcipher_walk_done(), resulting in a crash if those routines fail to
identify them as in valid inputs.
Fix this by setting page and buffer to NULL even if the size of the
input is zero. Note that for AEAD encryption in particular, a zero sized
input could be a valid and meaningful use of the API, given the support
for associated authenticated data (AAD), which gets reflected in the
authentication tag as well.
For symmetry, apply the same fix to the plain skcipher walker code, even
though in that case, no meaningful usage scenarios are known for zero
sized inputs.
Signed-off-by: Ard Biesheuvel <[email protected]>
---
crypto/skcipher.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index a15376245416..ed2deb031742 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -455,6 +455,8 @@ static int skcipher_walk_skcipher(struct skcipher_walk *walk,
walk->nbytes = 0;
walk->iv = req->iv;
walk->oiv = req->iv;
+ walk->buffer = NULL;
+ walk->page = NULL;
if (unlikely(!walk->total))
return 0;
@@ -511,6 +513,8 @@ static int skcipher_walk_aead_common(struct skcipher_walk *walk,
walk->nbytes = 0;
walk->iv = req->iv;
walk->oiv = req->iv;
+ walk->buffer = NULL;
+ walk->page = NULL;
if (unlikely(!walk->total))
return 0;
--
2.20.1