[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20161214050404.GC9592@gondor.apana.org.au>
Date: Wed, 14 Dec 2016 13:04:04 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Andy Lutomirski <luto@...capital.net>
Cc: Andy Lutomirski <luto@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
USB list <linux-usb@...r.kernel.org>,
David Howells <dhowells@...hat.com>, keyrings@...r.kernel.org,
Eric Biggers <ebiggers3@...il.com>,
linux-crypto@...r.kernel.org, Stephan Mueller <smueller@...onox.de>
Subject: Re: [PATCH v2] keys/encrypted: Fix two crypto-on-the-stack bugs
On Tue, Dec 13, 2016 at 06:53:03PM -0800, Andy Lutomirski wrote:
> On Tue, Dec 13, 2016 at 6:48 PM, Andy Lutomirski <luto@...nel.org> wrote:
> > The driver put a constant buffer of all zeros on the stack and
> > pointed a scatterlist entry at it in two places. This doesn't work
> > with virtual stacks. Use ZERO_PAGE instead.
>
> Wait a second...
>
> > - sg_set_buf(&sg_out[1], pad, sizeof pad);
> > + sg_set_buf(&sg_out[1], empty_zero_page, 16);
>
> My fix here is obviously bogus (I meant to use ZERO_PAGE(0)), but what
> exactly is the code trying to do? The old code makes no sense. It's
> setting the *output* buffer to zeroed padding.
It's decrypting so I presume it just needs to the extra space for
the padding and the result will be thrown away.
Cheers,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists