| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120817111826.15226265ph07g70g@www.81.fi>
Date: Fri, 17 Aug 2012 11:18:26 +0300
From: Jussi Kivilinna <jussi.kivilinna@...et.fi>
To: David Daney <ddaney.cavm@...il.com>
Cc: "Kasatkin, Dmitry" <dmitry.kasatkin@...el.com>,
herbert@...dor.apana.org.au,
linux-crypto <linux-crypto@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
linux-security-module <linux-security-module@...r.kernel.org>
Subject: Re: on stack dynamic allocations
Quoting David Daney <ddaney.cavm@...il.com>:
> On 08/16/2012 02:20 PM, Kasatkin, Dmitry wrote:
>> Hello,
>>
>> Some places in the code uses variable-size allocation on stack..
>> For example from hmac_setkey():
>>
>> struct {
>> struct shash_desc shash;
>> char ctx[crypto_shash_descsize(hash)];
>> } desc;
>>
>>
>> sparse complains
>>
>> CHECK crypto/hmac.c
>> crypto/hmac.c:57:47: error: bad constant expression
>>
>> I like it instead of kmalloc..
>>
>> But what is position of kernel community about it?
>
> If you know that the range of crypto_shash_descsize(hash) is
> bounded, just use the upper bound.
>
> If the range of crypto_shash_descsize(hash) is unbounded, then the
> stack will overflow and ... BOOM!
>
Quick look shows that largest crypto_shash_descsize() would be with
hmac+s390/sha512, 16 + 332 = 348. Crypto-api also prevents registering
shash with descsize larger than (PAGE_SIZE / 8).
-Jussi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists