Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp4130272pxv; Mon, 26 Jul 2021 22:38:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxJ1goDyWktQnU79M7YL9uTJqiKkRkRwcebjwx4P9jJFGI4x6gh6BRMcTKM3rscVshsS/wb X-Received: by 2002:a05:6638:3292:: with SMTP id f18mr20427147jav.120.1627364313646; Mon, 26 Jul 2021 22:38:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627364313; cv=none; d=google.com; s=arc-20160816; b=yQRg4QRivv6GYBfIzcbFzmCt5+yDpcH4KTP9SPqFuEwpp3q0izqVTLO3E6gFhh7Y8Z jHggFFCPOCS5goz3crtGRczg8Lo6NA11OEWdASWRazfS+bsfcLRlBIe4iLrz9U4OKpvD FSkiLLUGRdEW5/AXQKWIAjNC+b29u27grxy8CQAbWbWvVfvLBsyflVMqwLDW+X/nst5J 0tvI2QEnn4fRZEBkxokmDulh9WRYBCGwDaq2qvFY4ecKTDm2g2ZmraURHpUl3hnJKHhR ywnJ0p6vBj24oKJEF+Rh5HvoPt7h1wjHhbUJHVK3qB2siYg3rT0dAhO67cxk/zAFx7Mf mVRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=EL9tuSyejn7r9A/JofPSNgDTyZ+uq6Qp4SvanD17d5k=; b=fV1yuDYSGSw9Ut0GMDnBiSnw7hWKm9VnmZ8trqPZGr2FfX2kwKkH4OOx6fq7Wk2Shv e2ymTrd7zMvWttF78yxbg/luM+UzG/12QkptdTeyfW9wp0ZoHPUSH0sVl4QwZPcDhtJX lOQq/4wVnP6k/u6VtCsqXfFzpxn2DdbOEmHd+LHxuvgM1HrfBRATvMb44HtpWfd6Y1Qn L+JqRclL1bCWQ34WS9oeP1IVzxskYDnSGEad6Wy6ePYwbRFQdgXHj+AE5mhb0JJO6cv6 IAWxDTQZUvf3SupTE4hnB/NHRTx+wVjMrof4phvGrJTQnCTiwmsSeHBC//uX6Y2FhevR N68A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Nr2s3avo; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w3si2513164iol.91.2021.07.26.22.38.22; Mon, 26 Jul 2021 22:38:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Nr2s3avo; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234867AbhG0FiM (ORCPT + 99 others); Tue, 27 Jul 2021 01:38:12 -0400 Received: from mail.kernel.org ([198.145.29.99]:48140 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233553AbhG0FiL (ORCPT ); Tue, 27 Jul 2021 01:38:11 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 9FCFD60F90; Tue, 27 Jul 2021 05:38:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1627364291; bh=0xAVsd9KoCyr0o32NIcttnw+73Jww45a9+0ilFQnBo4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Nr2s3avoudRdZw6pIh6+FVRyYJgPJB9ClyqAW+z/cHX9sMt++Uk2m+G/PiTFaQrLc jw2kY/dRimZEB+mekWwfmob3yawuAIG2Puy/Wy0cl3OrLcrt6vXXfQyXHHAJGl59r9 LHQDQkirMaZlg7DdXJI24DvU+/71Gx3856YPX4dc= Date: Tue, 27 Jul 2021 07:38:09 +0200 From: Greg Kroah-Hartman To: Eric Biggers Cc: Jordy Zomer , netdev@vger.kernel.org, Herbert Xu , "David S. Miller" , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2] crypto: ccm - avoid negative wrapping of integers Message-ID: References: <20210726170120.410705-1-jordy@pwning.systems> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, Jul 27, 2021 at 07:36:56AM +0200, Greg Kroah-Hartman wrote: > On Mon, Jul 26, 2021 at 10:18:47AM -0700, Eric Biggers wrote: > > On Mon, Jul 26, 2021 at 07:01:20PM +0200, Jordy Zomer wrote: > > > Set csize to unsigned int to avoid it from wrapping as a negative number (since format input sends an unsigned integer to this function). This would also result in undefined behavior in the left shift when msg len is checked, potentially resulting in a buffer overflow in the memcpy call. > > > > > > Signed-off-by: Jordy Zomer > > > --- > > > To address was corrected, and ccm was added to the topic to indicate that this is just for ccm. > > > > > > crypto/ccm.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/crypto/ccm.c b/crypto/ccm.c > > > index 6b815ece51c6..e14201edf9db 100644 > > > --- a/crypto/ccm.c > > > +++ b/crypto/ccm.c > > > @@ -66,7 +66,7 @@ static inline struct crypto_ccm_req_priv_ctx *crypto_ccm_reqctx( > > > return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), align + 1); > > > } > > > > > > -static int set_msg_len(u8 *block, unsigned int msglen, int csize) > > > +static int set_msg_len(u8 *block, unsigned int msglen, unsigned int csize) > > > { > > > __be32 data; > > > > This isn't necessarily a bad change, but the value of csize is clearly in > > [1, 256] if you read format_input(), and in fact is in [2, 8] if you read the > > whole file, so please don't claim this is actually fixing anything, as it's not. > > Oh that was not obvious at all, I looked at that for a long time and > missed the place where this was checked earlier. Perhaps just make > csize here a u8 and that would take away all question about what is > happening? And part of this effort is to make it obvious that there is no overflow happening, to allow tools to check this type of thing. When you have to work backwards long long ways like this, it makes automatic auditing almost impossible, along with manual auditing like I tried to do :) thanks, greg k-h