lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Aug 2020 15:56:20 +0200 From: Ard Biesheuvel <ardb@...nel.org> To: Herbert Xu <herbert@...dor.apana.org.au> Cc: Andrew Zaborowski <andrew.zaborowski@...el.com>, Paul Menzel <pmenzel@...gen.mpg.de>, Caleb Jorden <caljorden@...mail.com>, Sasha Levin <sashal@...nel.org>, iwd@...ts.01.org, "# 3.4.x" <stable@...r.kernel.org>, Greg KH <gregkh@...uxfoundation.org>, LKML <linux-kernel@...r.kernel.org>, "David S. Miller" <davem@...emloft.net>, Linux Crypto Mailing List <linux-crypto@...r.kernel.org> Subject: Re: [PATCH] crypto: af_alg - Work around empty control messages without MSG_MORE On Wed, 26 Aug 2020 at 15:30, Herbert Xu <herbert@...dor.apana.org.au> wrote: > > The iwd daemon uses libell which sets up the skcipher operation with > two separate control messages. This is fine by itself but the first > control message is sent without MSG_MORE. This means that the first > control message is interpreted as an empty request. > > While libell should be fixed to use MSG_MORE where appropriate, this > patch works around the bug in the kernel so that existing binaries > continue to work. > > We will print a warning however. > > Reported-by: Caleb Jorden <caljorden@...mail.com> > Fixes: f3c802a1f300 ("crypto: algif_aead - Only wake up when...") > Cc: <stable@...r.kernel.org> > Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au> > Applied this onto v5.4.60, and it makes the iwd selftests pass again Acked-by: Ard Biesheuvel <ardb@...nel.org> Tested-by: Ard Biesheuvel <ardb@...nel.org> > diff --git a/crypto/af_alg.c b/crypto/af_alg.c > index a6f581ab200c..3da21cadc326 100644 > --- a/crypto/af_alg.c > +++ b/crypto/af_alg.c > @@ -16,6 +16,7 @@ > #include <linux/module.h> > #include <linux/net.h> > #include <linux/rwsem.h> > +#include <linux/sched.h> > #include <linux/sched/signal.h> > #include <linux/security.h> > > @@ -846,8 +847,14 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, > > lock_sock(sk); > if (ctx->init && (init || !ctx->more)) { > - err = -EINVAL; > - goto unlock; > + if (ctx->used) { > + err = -EINVAL; > + goto unlock; > + } > + > + pr_info_once( > + "%s sent an empty control message without MSG_MORE.\n", > + current->comm); > } > ctx->init = true; > > -- > Email: Herbert Xu <herbert@...dor.apana.org.au> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists