lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZLpoDumeF/+xax/V@corigine.com>
Date:   Fri, 21 Jul 2023 12:12:14 +0100
From:   Simon Horman <simon.horman@...igine.com>
To:     Ard Biesheuvel <ardb@...nel.org>
Cc:     linux-crypto@...r.kernel.org,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Eric Biggers <ebiggers@...nel.org>,
        Kees Cook <keescook@...omium.org>,
        Haren Myneni <haren@...ibm.com>,
        Nick Terrell <terrelln@...com>,
        Minchan Kim <minchan@...nel.org>,
        Sergey Senozhatsky <senozhatsky@...omium.org>,
        Jens Axboe <axboe@...nel.dk>,
        Giovanni Cabiddu <giovanni.cabiddu@...el.com>,
        Richard Weinberger <richard@....at>,
        David Ahern <dsahern@...nel.org>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Steffen Klassert <steffen.klassert@...unet.com>,
        linux-kernel@...r.kernel.org, linux-block@...r.kernel.org,
        qat-linux@...el.com, linuxppc-dev@...ts.ozlabs.org,
        linux-mtd@...ts.infradead.org, netdev@...r.kernel.org
Subject: Re: [RFC PATCH 20/21] crypto: deflate - implement acomp API directly

On Tue, Jul 18, 2023 at 02:58:46PM +0200, Ard Biesheuvel wrote:

...

> -static int deflate_comp_init(struct deflate_ctx *ctx)
> +static int deflate_process(struct acomp_req *req, struct z_stream_s *stream,
> +			   int (*process)(struct z_stream_s *, int))
>  {
> -	int ret = 0;
> -	struct z_stream_s *stream = &ctx->comp_stream;
> +	unsigned int slen = req->slen;
> +	unsigned int dlen = req->dlen;
> +	struct scatter_walk src, dst;
> +	unsigned int scur, dcur;
> +	int ret;
>  
> -	stream->workspace = vzalloc(zlib_deflate_workspacesize(
> -				-DEFLATE_DEF_WINBITS, DEFLATE_DEF_MEMLEVEL));
> -	if (!stream->workspace) {
> -		ret = -ENOMEM;
> -		goto out;
> -	}
> +	stream->avail_in = stream->avail_out = 0;
> +
> +	scatterwalk_start(&src, req->src);
> +	scatterwalk_start(&dst, req->dst);
> +
> +	scur = dcur = 0;
> +
> +	do {
> +		if (stream->avail_in == 0) {
> +			if (scur) {
> +				slen -= scur;
> +
> +				scatterwalk_unmap(stream->next_in - scur);
> +				scatterwalk_advance(&src, scur);
> +				scatterwalk_done(&src, 0, slen);
> +			}
> +
> +			scur = scatterwalk_clamp(&src, slen);
> +			if (scur) {
> +				stream->next_in = scatterwalk_map(&src);
> +				stream->avail_in = scur;
> +			}
> +		}
> +
> +		if (stream->avail_out == 0) {
> +			if (dcur) {
> +				dlen -= dcur;
> +
> +				scatterwalk_unmap(stream->next_out - dcur);
> +				scatterwalk_advance(&dst, dcur);
> +				scatterwalk_done(&dst, 1, dlen);
> +			}
> +
> +			dcur = scatterwalk_clamp(&dst, dlen);
> +			if (!dcur)
> +				break;

Hi Ard,

I'm unsure if this can happen. But if this break occurs in the first
iteration of this do loop, then ret will be used uninitialised below.

Smatch noticed this.

> +
> +			stream->next_out = scatterwalk_map(&dst);
> +			stream->avail_out = dcur;
> +		}
> +
> +		ret = process(stream, (slen == scur) ? Z_FINISH : Z_SYNC_FLUSH);
> +	} while (ret == Z_OK);
> +
> +	if (scur)
> +		scatterwalk_unmap(stream->next_in - scur);
> +	if (dcur)
> +		scatterwalk_unmap(stream->next_out - dcur);
> +
> +	if (ret != Z_STREAM_END)
> +		return -EINVAL;
> +
> +	req->dlen = stream->total_out;
> +	return 0;
> +}

...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ