| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_35D11227DD835DA5994ACF968DCFA58B8D07@qq.com>
Date: Wed, 20 Dec 2023 18:19:24 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+8ffb0839a24e9c6bfa76@...kaller.appspotmail.com
Cc: linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [crypto?] KASAN: slab-out-of-bounds Read in arc4_crypt
please test slab-out-of-bounds Read in arc4_crypt
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 17cb8a20bde6
diff --git a/crypto/lskcipher.c b/crypto/lskcipher.c
index a06008e112f3..f7727698b797 100644
--- a/crypto/lskcipher.c
+++ b/crypto/lskcipher.c
@@ -205,11 +205,19 @@ static int crypto_lskcipher_crypt_sg(struct skcipher_request *req,
struct crypto_lskcipher **ctx = crypto_skcipher_ctx(skcipher);
u8 *ivs = skcipher_request_ctx(req);
struct crypto_lskcipher *tfm = *ctx;
+ struct lskcipher_alg *alg = crypto_lskcipher_alg(tfm);
struct skcipher_walk walk;
unsigned ivsize;
u32 flags;
int err;
+ static u8 relen;
+ if (!relen) {
+ printk("req: %p, alg: %p, ss: %u, %s\n", req, alg, alg->co.statesize, __func__);
+ *req->__ctx = kzalloc(alg->co.statesize, GFP_KERNEL);
+ req->areqlen += alg->co.statesize;
+ relen = 1;
+ }
ivsize = crypto_lskcipher_ivsize(tfm);
ivs = PTR_ALIGN(ivs, crypto_skcipher_alignmask(skcipher) + 1);
Powered by blists - more mailing lists