lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 14 Jun 2021 17:03:40 +0000
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Jhih Ming Huang <fbihjmeric@...il.com>
Cc:     Greg KH <gregkh@...uxfoundation.org>, fabioaiuto83@...il.com,
        ross.schm.dev@...il.com, maqianga@...ontech.com,
        marcocesati@...il.com, linux-staging@...ts.linux.dev,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] rtw_security: fix cast to restricted __le32

On Mon, Jun 14, 2021 at 11:27:03PM +0800, Jhih Ming Huang wrote:

> Thanks for your explanation.
> 
> To clarify, even though it might be false positives in some senses,
> following "hold the variable native-endian and check the conversion
> done correctly"
> is much easier than the other way. And it's exactly the current implementation.
> 
> So it's better to keep the current implementation and ignore the
> warnings, right?

Umm...  If that's the case, the warnings should go away if you use
cpu_to_le32() for conversions from native to l-e and le32_to_cpu()
for conversions from l-e to native.

IOW, the choice between those should annotate what's going on.

In your case doing
	*((u32 *)crc) = le32_to_cpu((__force __le32)~crc32_le(~0, payload, length - 4));
is wrong - you have
crc32_le(...) native-endian
~crc32_le(...) - ditto
le32_to_cpu(~crc32_le(...)) - byteswapped native-endian on b-e, unchanged on
l-e.  So result will be little-endian representation of ~crc32(...) in all
cases.  IOW, it's cpu_to_le32(~crc32_le(...)), misannotated as native-endian
instead of little-endian it actually is.

Then you store that value (actually __le32) into *(u32 *)crc.  Seeing that
crc is u8[4] there, that *(u32 *) is misleading - you are actually storing
__le32 there (and, AFAICS, doing noting with the result).  The same story
in rtw_tkip_decrypt(), only there you do use the result later.

So just make it __le32 crc and
	crc = cpu_to_le32(~crc32_le(~0, payload, length - 4));
with
			if (crc[3] != payload[length - 1] || crc[2] != payload[length - 2] ||
			    crc[1] != payload[length - 3] || crc[0] != payload[length - 4])
turned into
			if (memcmp(&crc, payload + length - 4, 4) != 0)
(or (crc != get_unaligned((__le32 *)(payload + length - 4))),
for that matter, to document what's going on and let the damn thing
pick the optimal implementation for given architecture).

Incidentally, your secmicgetuint32() is simply get_unaligned_le32()
and secmicputuint32() - put_unaligned_le32().  No need to reinvent
that wheel...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ