Re: [PATCH v7 2/9] crypto: cbc: Remove VLA usage

From: Kees Cook
Date: Tue Aug 07 2018 - 16:59:40 EST


On Tue, Aug 7, 2018 at 2:47 AM, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, Aug 02, 2018 at 03:51:45PM -0700, Kees Cook wrote:
>> In the quest to remove all stack VLA usage from the kernel[1], this
>> uses the upper bounds on blocksize. Since this is always a cipher
>> blocksize, use the existing cipher max blocksize.
>>
>> [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@xxxxxxxxxxxxxx
>>
>> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
>> ---
>> include/crypto/cbc.h | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/include/crypto/cbc.h b/include/crypto/cbc.h
>> index f5b8bfc22e6d..47db0aac2ab9 100644
>> --- a/include/crypto/cbc.h
>> +++ b/include/crypto/cbc.h
>> @@ -113,7 +113,9 @@ static inline int crypto_cbc_decrypt_inplace(
>> unsigned int bsize = crypto_skcipher_blocksize(tfm);
>> unsigned int nbytes = walk->nbytes;
>> u8 *src = walk->src.virt.addr;
>> - u8 last_iv[bsize];
>> + u8 last_iv[MAX_CIPHER_BLOCKSIZE];
>> +
>> + BUG_ON(bsize > sizeof(last_iv));
>
> Ugh, please don't add these BUG_ONs. Add them to the places where
> the algorithm is created (if they aren't checking that already).

It's already being checked (cra_blocksize vs MAX_CIPHER_BLOCKSIZE) so
I was just adding the BUG_ON to catch "impossible" behavior. I'll
leave it out in the next revision.

-Kees

--
Kees Cook
Pixel Security