Re: [PATCH v2] crypto: sun4i-ss - clamp PRNG seed length to prevent heap overflow

Next message: Steffen Eiden: "[PATCH v1 00/26] KVM: arm64 on s390 System Register Handling"
Previous message: Michael S. Tsirkin: "[PATCH v9 19/37] mm: use __GFP_ZERO in vma_alloc_anon_folio_pmd"
In reply to: Tianchu Chen: "[PATCH v2] crypto: sun4i-ss - clamp PRNG seed length to prevent heap overflow"
Next in thread: Corentin Labbe: "Re: [PATCH v2] crypto: sun4i-ss - clamp PRNG seed length to prevent heap overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Biggers

Date: Fri May 29 2026 - 12:17:29 EST

On Fri, May 29, 2026 at 08:08:01AM +0000, Tianchu Chen wrote:
> From: Tianchu Chen <flynnnchen@xxxxxxxxxxx>
>
> sun4i_ss_prng_seed() copies the user-supplied seed into ss->seed
> using the user-provided length with no bounds check. The crypto core
> does not enforce slen <= seedsize before calling into the driver, so a
> userspace caller via AF_ALG setsockopt(ALG_SET_KEY) can pass up to
> sysctl_optmem_max bytes, overflowing the fixed-size buffer and
> corrupting adjacent heap memory.
>
> Clamp the copy length to the buffer size, matching the approach used by
> loongson-rng for oversized seeds.
>
> Discovered by Atuin - Automated Vulnerability Discovery Engine.
>
> Fixes: 6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Tianchu Chen <flynnnchen@xxxxxxxxxxx>
> ---
> v2: Silently clamp oversized seeds with min_t instead of returning
> -EINVAL (Herbert Xu).

sun4i-ss-prng.c is useless, is still broken, and should just be deleted.

- Eric