| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4dcd4254-030b-4489-d5d3-e320eb2953e7@bytedance.com>
Date: Wed, 18 Aug 2021 16:33:49 +0800
From: zhenwei pi <pizhenwei@...edance.com>
To: dhowells@...hat.com, herbert@...dor.apana.org.au,
davem@...emloft.net
Cc: keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: PING: [PATCH] crypto: public_key: fix overflow during implicit
conversion
PING
On 8/10/21 2:39 PM, zhenwei pi wrote:
> Hit kernel warning like this, it can be reproduced by verifying 256
> bytes datafile by keyctl command.
>
> WARNING: CPU: 5 PID: 344556 at crypto/rsa-pkcs1pad.c:540 pkcs1pad_verify+0x160/0x190
> ...
> Call Trace:
> public_key_verify_signature+0x282/0x380
> ? software_key_query+0x12d/0x180
> ? keyctl_pkey_params_get+0xd6/0x130
> asymmetric_key_verify_signature+0x66/0x80
> keyctl_pkey_verify+0xa5/0x100
> do_syscall_64+0x35/0xb0
> entry_SYSCALL_64_after_hwframe+0x44/0xae
>
> '.digest_size(u8) = params->in_len(u32)' leads overflow of an u8 value,
> so use u32 instead of u8 of digest. And reorder struct
> public_key_signature, it could save 8 bytes on a 64 bit machine.
>
> Signed-off-by: zhenwei pi <pizhenwei@...edance.com>
> ---
> include/crypto/public_key.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
> index 47accec68cb0..f603325c0c30 100644
> --- a/include/crypto/public_key.h
> +++ b/include/crypto/public_key.h
> @@ -38,9 +38,9 @@ extern void public_key_free(struct public_key *key);
> struct public_key_signature {
> struct asymmetric_key_id *auth_ids[2];
> u8 *s; /* Signature */
> - u32 s_size; /* Number of bytes in signature */
> u8 *digest;
> - u8 digest_size; /* Number of bytes in digest */
> + u32 s_size; /* Number of bytes in signature */
> + u32 digest_size; /* Number of bytes in digest */
> const char *pkey_algo;
> const char *hash_algo;
> const char *encoding;
>
--
zhenwei pi
Powered by blists - more mailing lists