| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <4AF8BE0F-D400-4020-A8F6-EF61A797A24E@linux.dev>
Date: Mon, 13 Oct 2025 10:23:01 +0200
From: Thorsten Blum <thorsten.blum@...ux.dev>
To: Lukas Wunner <lukas@...ner.de>
Cc: David Howells <dhowells@...hat.com>,
Ignat Korchagin <ignat@...udflare.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Vivek Goyal <vgoyal@...hat.com>,
stable@...r.kernel.org,
keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/2] crypto: asymmetric_keys - prevent overflow in
asymmetric_key_generate_id
On 13. Oct 2025, at 08:24, Lukas Wunner wrote:
> On Sun, Oct 12, 2025 at 10:38:40PM +0200, Thorsten Blum wrote:
>> +++ b/crypto/asymmetric_keys/asymmetric_type.c
>> @@ -141,12 +142,14 @@ struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
>> size_t len_2)
>> {
>> struct asymmetric_key_id *kid;
>> + size_t len;
>>
>> - kid = kmalloc(sizeof(struct asymmetric_key_id) + len_1 + len_2,
>> - GFP_KERNEL);
>> + if (check_add_overflow(len_1, len_2, &len))
>> + return ERR_PTR(-EOVERFLOW);
>> + kid = kmalloc(struct_size(kid, data, len), GFP_KERNEL);
>
> This will add (at least) 2 bytes to len (namely the size of struct
> asymmetric_key_id)) and may cause an overflow (even if len_1 + len_2
> did not overflow).
Could you explain which part adds "(at least) 2 bytes to len"?
Thanks,
Thorsten
Powered by blists - more mailing lists