Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp3719141pxv;
        Mon, 26 Jul 2021 10:10:25 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxLUSB254AGzsCrmml9xhd5I31AzY49k1Waz4ZeztdaQtYV8SNw6vknIL8fGxHY54RIod3Q
X-Received: by 2002:a17:906:b0d1:: with SMTP id bk17mr17938167ejb.59.1627319425357;
        Mon, 26 Jul 2021 10:10:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1627319425; cv=none;
        d=google.com; s=arc-20160816;
        b=K6wwA5Y3/6f96rZzPHmtXvYZCV4iv8ZzZwnZKWidyMqLPwe9OspQGvxg5RfV3B0CI5
         pSBMi0wwGV7n+DPtq9D8Q8rus6Jc0App47EBoXVpwJuFZybYWllPCItQ2eFm3b+f6BEV
         0w0d2RiFlf0Kjyc+kZDwufYr6+GY7LtARWep2vZXnAjXbn1ZmWal5TkRDF5THUKKUjG+
         H/+tjurbCLzyHiHwsFvUEA0K2A1Vo/lZIdL6OgxDItNqzNc3xB5L4Q3UBPvsxdyS3Nii
         kz0KX8tUz/h6EqzpE1d6fOYt6wZkBhhAzgcq5VVl5Pw9jipy5cJ6pFx8IvGhods+xtzL
         MGWA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:to:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:from;
        bh=tS82y7uokTYZlLSW+yXcCW1dnotM6cvNKPr/Xbh5jmM=;
        b=isCkgpadSowu1iZdG8PACgRR3JxgpWr0IA0kEHgh/Fy5fGcyyiLmaz8ZGc81ir+/6z
         Q4KKo/fUr0fpwaMo3b/RZrbFNU3AU9PzLYTqA5FCWnPZmkj+/jvy6peKkRsgW171gabA
         DrS6HDVDWQsVI3Q7dyfkOgKDKHAAuuPfFMPLaUwoC8tO+Hg4iQD2AZOXQw/33E3nNMh3
         FqcnilQ9xT6Or7LnnWVFADoyty36Ldo3TNkePdAqvu+uDycxvQ27YYE9IahBdzNaErBY
         Xxw/n5tk0MUFoUSGEUNqfhGb+P2I1CWclX4ZexbWd8eevVtAh5W6X3BGO1VPq8aJ36gc
         fjJQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id r24si527647ejy.194.2021.07.26.10.09.50;
        Mon, 26 Jul 2021 10:10:25 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235602AbhGZQRZ (ORCPT <rfc822;ujwal.kundur.foss@gmail.com>
        + 99 others); Mon, 26 Jul 2021 12:17:25 -0400
Received: from h2.fbrelay.privateemail.com ([131.153.2.43]:50223 "EHLO
        h2.fbrelay.privateemail.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S240800AbhGZQOv (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Mon, 26 Jul 2021 12:14:51 -0400
X-Greylist: delayed 568 seconds by postgrey-1.27 at vger.kernel.org; Mon, 26 Jul 2021 12:14:49 EDT
Received: from MTA-12-3.privateemail.com (mta-12-1.privateemail.com [198.54.122.106])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by h1.fbrelay.privateemail.com (Postfix) with ESMTPS id 6028B80890;
        Mon, 26 Jul 2021 12:45:47 -0400 (EDT)
Received: from mta-12.privateemail.com (localhost [127.0.0.1])
        by mta-12.privateemail.com (Postfix) with ESMTP id EAC0D18000B7;
        Mon, 26 Jul 2021 12:45:44 -0400 (EDT)
Received: from localhost.localdomain (unknown [10.20.151.242])
        by mta-12.privateemail.com (Postfix) with ESMTPA id 64C3C18000A1;
        Mon, 26 Jul 2021 12:45:43 -0400 (EDT)
From:   Jordy Zomer <jordy@pwning.systems>
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Jordy Zomer <jordy@pwning.systems>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] crypto: avoid negative wrapping of integers 
Date:   Mon, 26 Jul 2021 18:45:01 +0200
Message-Id: <20210726164501.410524-1-jordy@pwning.systems>
X-Mailer: git-send-email 2.27.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: ClamAV using ClamSMTP
To:     unlisted-recipients:; (no To-header on input)
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Set csize to unsigned int to avoid it from wrapping as a negative number (since format input sends an unsigned integer to this function). This would also result in undefined behavior in the left shift when msg len is checked, potentially resulting in a buffer overflow in the memcpy call.

Signed-off-by: Jordy Zomer <jordy@pwning.systems>
---
 crypto/ccm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ccm.c b/crypto/ccm.c
index 6b815ece51c6..e14201edf9db 100644
--- a/crypto/ccm.c
+++ b/crypto/ccm.c
@@ -66,7 +66,7 @@ static inline struct crypto_ccm_req_priv_ctx *crypto_ccm_reqctx(
 	return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), align + 1);
 }
 
-static int set_msg_len(u8 *block, unsigned int msglen, int csize)
+static int set_msg_len(u8 *block, unsigned int msglen, unsigned int csize)
 {
 	__be32 data;
 
-- 
2.27.0