| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_ED8C99A7EB86C012DA86504993EEC1EECA06@qq.com>
Date: Wed, 20 Dec 2023 14:56:23 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+8ffb0839a24e9c6bfa76@...kaller.appspotmail.com
Cc: linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [crypto?] KASAN: slab-out-of-bounds Read in arc4_crypt
please test slab-out-of-bounds Read in arc4_crypt
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 17cb8a20bde6
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 02cea2149504..e1f44dc60e4a 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -106,7 +106,7 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg,
struct af_alg_async_req *areq;
unsigned cflags = 0;
int err = 0;
- size_t len = 0;
+ size_t len = 0, aqlen;
if (!ctx->init || (ctx->more && ctx->used < bs)) {
err = af_alg_wait_for_data(sk, flags, bs);
@@ -115,11 +115,13 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg,
}
/* Allocate cipher request for current operation. */
- areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) +
- crypto_skcipher_reqsize(tfm));
+ aqlen = sizeof(struct af_alg_async_req) + crypto_skcipher_reqsize(tfm);
+ areq = af_alg_alloc_areq(sk, aqlen + 1032);
if (IS_ERR(areq))
return PTR_ERR(areq);
+ printk("req: %p, areqlen: %u, al: %u, %s\n",
+ &areq->cra_u.skcipher_req, areq->areqlen, aqlen, __func__);
/* convert iovecs of output buffers into RX SGL */
err = af_alg_get_rsgl(sk, msg, flags, areq, ctx->used, &len);
if (err)
Powered by blists - more mailing lists