Re: [PATCH net v2] net/tls: fix slab-out-of-bounds bug in decrypt_internal

From: Jakub Kicinski
Date: Thu Mar 31 2022 - 23:21:07 EST

Next message: Jakob Koschel: "Re: [PATCH] virt: acrn: fix invalid check past list iterator"
Previous message: Huang, Ying: "Re: [PATCH 5/8] mm/vmscan: use helper folio_is_file_lru()"
In reply to: Ziyang Xuan: "[PATCH net v2] net/tls: fix slab-out-of-bounds bug in decrypt_internal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 31 Mar 2022 15:04:28 +0800 Ziyang Xuan wrote:
> The memory size of tls_ctx->rx.iv for AES128-CCM is 12 setting in
> tls_set_sw_offload(). The return value of crypto_aead_ivsize()
> for "ccm(aes)" is 16. So memcpy() require 16 bytes from 12 bytes
> memory space will trigger slab-out-of-bounds bug as following:
>
> ==================================================================
> BUG: KASAN: slab-out-of-bounds in decrypt_internal+0x385/0xc40 [tls]
> Read of size 16 at addr ffff888114e84e60 by task tls/10911

Reviewed-by: Jakub Kicinski <kuba@xxxxxxxxxx>

Thanks!

Next message: Jakob Koschel: "Re: [PATCH] virt: acrn: fix invalid check past list iterator"
Previous message: Huang, Ying: "Re: [PATCH 5/8] mm/vmscan: use helper folio_is_file_lru()"
In reply to: Ziyang Xuan: "[PATCH net v2] net/tls: fix slab-out-of-bounds bug in decrypt_internal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]