lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aAY0lyWzsRVDge_f@gondor.apana.org.au>
Date: Mon, 21 Apr 2025 20:05:43 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Su Hui <suhui@...china.com>
Cc: davem@...emloft.net, linux-crypto@...r.kernel.org,
	linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org,
	linux-hardening@...r.kernel.org
Subject: Re: [PATCH] crypto: using size_add() for kmalloc()

On Mon, Apr 21, 2025 at 01:51:06PM +0800, Su Hui wrote:
>
> @@ -433,7 +434,7 @@ static inline struct aead_request *aead_request_alloc(struct crypto_aead *tfm,
>  {
>  	struct aead_request *req;
>  
> -	req = kmalloc(sizeof(*req) + crypto_aead_reqsize(tfm), gfp);
> +	req = kmalloc(size_add(sizeof(*req), crypto_aead_reqsize(tfm)), gfp);

This is just wrong.  You should fail the allocation altogether
rather than proceeding with a length that is insufficient.

However, reqsize shouldn't be anywhere near overflowing in the
first place.  If you're truly worried about this, you should
change the algorithm registration code to check whether reqsize
is sane.

And that needs to wait until the algorithms are fixed to not use
dynamic reqsizes.

Cheers,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ