Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp4327529rdb; Thu, 28 Dec 2023 19:30:48 -0800 (PST) X-Google-Smtp-Source: AGHT+IF8YJAhlamQQA3YmPUMZlSY8o7xnfIcSpGTdEIAEyIsd5b5q8vnMX7vnusHcnuU8himp5ZN X-Received: by 2002:a05:6808:1295:b0:3bb:6d50:b962 with SMTP id a21-20020a056808129500b003bb6d50b962mr14943748oiw.80.1703820647783; Thu, 28 Dec 2023 19:30:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703820647; cv=none; d=google.com; s=arc-20160816; b=oH0PdbKmYNzaA6BsCCuIZgtycEQa3qJLdDaLpNOHHufAoekm4kjBwcDyei62ii3k1L o07GB7M0TvzZDsIkLjRypeJzbwwjreK5I9evC7FesukHRf28+nnTUW+zViFsddNA/8tD 0cLWCN6+QgDSRfg+2zZeGlHSFurAi51va3p3weL0+X3U1HVzsE+YRiq9mQXBvh2xc3Vl fSiCZZ1nO1teRxrk4/gZUbTyLbNvTo0HOxJl5s9Uz3ySqXYzW1lNZAga0oegMic+VJzz 8hMRBVmKNLxQqfJRz/v5NNNEE8MifVphIF6mdIUcz3aTocr2phirKySn9BvQbeLijqUr Fntg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date; bh=AAhDRejINc/eXb6vt6Dc7+hUk3nGfQGbhlrtujI1/yo=; fh=raL3gZExMA3p+j90H4zNR6IB9OTGdl2wjzR1xfWOzxI=; b=xwDGv/QChAY+rjUqtIZsb6mRv604LtD5oAb03f91XdzNe1abdFSD4sCLHRniYkgLHs fDTI3MyYnutcKkrXr6NMaYxLmJ30sH7d8oVZwLYnXSoa54G4l9j9C3QQ4hl+SnYeriUk vlKQGQSWOvT6XYIgeMPZL6is8e5lpQLxtiwhpTAdMirc42iD2Ruh6LXWzDR9i/2AtFHK 2YysKWqcxYRRmEMPELUGlejQJrWuRMQPRMVUQxkTkm3y6AxAjkJJKQgPh/G09bbVmXgc q80Eax/IUpFz2wp9g3lgT71scij8QlS7r1IzpnB88LkllF7/4dGD6Kh6/z6IbAmhdBrw Hq7A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto+bounces-1085-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1085-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id bv192-20020a632ec9000000b005cd8938b10csi13734445pgb.631.2023.12.28.19.30.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Dec 2023 19:30:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto+bounces-1085-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto+bounces-1085-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1085-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 6F58128497F for ; Fri, 29 Dec 2023 03:30:47 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C5FD2612D; Fri, 29 Dec 2023 03:30:43 +0000 (UTC) X-Original-To: linux-crypto@vger.kernel.org Received: from abb.hmeau.com (abb.hmeau.com [144.6.53.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 01A666101; Fri, 29 Dec 2023 03:30:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=gondor.apana.org.au Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gondor.apana.org.au Received: from loth.rohan.me.apana.org.au ([192.168.167.2]) by formenos.hmeau.com with smtp (Exim 4.94.2 #2 (Debian)) id 1rJ3Zo-00FGCD-Gc; Fri, 29 Dec 2023 11:30:25 +0800 Received: by loth.rohan.me.apana.org.au (sSMTP sendmail emulation); Fri, 29 Dec 2023 11:30:35 +0800 Date: Fri, 29 Dec 2023 11:30:35 +0800 From: Herbert Xu To: chengming.zhou@linux.dev Cc: akpm@linux-foundation.org, chrisl@kernel.org, davem@davemloft.net, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, nphamcs@gmail.com, syzkaller-bugs@googlegroups.com, yosryahmed@google.com, 21cnbao@gmail.com, zhouchengming@bytedance.com, syzbot+3eff5e51bf1db122a16e@syzkaller.appspotmail.com Subject: Re: [PATCH v2] crypto: scompress - fix req->dst buffer overflow Message-ID: References: <0000000000000b05cd060d6b5511@google.com> <20231227093523.2735484-1-chengming.zhou@linux.dev> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20231227093523.2735484-1-chengming.zhou@linux.dev> On Wed, Dec 27, 2023 at 09:35:23AM +0000, chengming.zhou@linux.dev wrote: > From: Chengming Zhou > > The req->dst buffer size should be checked before copying from the > scomp_scratch->dst to avoid req->dst buffer overflow problem. > > Fixes: 1ab53a77b772 ("crypto: acomp - add driver-side scomp interface") > Reported-by: syzbot+3eff5e51bf1db122a16e@syzkaller.appspotmail.com > Closes: https://lore.kernel.org/all/0000000000000b05cd060d6b5511@google.com/ > Signed-off-by: Chengming Zhou > --- > v2: > - change error code to ENOSPC. > --- > crypto/scompress.c | 6 ++++++ > 1 file changed, 6 insertions(+) Patch applied. Thanks. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt