| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1484228002-25078-1-git-send-email-gilad@benyossef.com>
Date: Thu, 12 Jan 2017 15:33:22 +0200
From: Gilad Ben-Yossef <gilad@...yossef.com>
To: steffen.klassert@...unet.com, herbert@...dor.apana.org.au,
davem@...emloft.net, netdev@...r.kernel.org
Cc: ofir.drang@....com, gilad.benyossef@....com,
Gilad Ben-Yossef <gilad@...yossef.com>
Subject: [PATCH net-next] IPsec: do not ignore crypto err in ah input
ah input processing uses the asynchrnous hash crypto API which
supplies an error code as part of the operation completion but
the error code was being ignored.
Treat a crypto API error indication as a verification failure.
While a crypto API reported error would almost certainly result
in a memcpy of the digest failing anyway and thus the security
risk seems minor, performing a memory compare on what might be
uninitialized memory is wrong.
Signed-off-by: Gilad Ben-Yossef <gilad@...yossef.com>
---
The change was boot tested on Arm64 but I did not exercise
the specific error code path in question.
net/ipv4/ah4.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index f2a7102..22377c8 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -270,6 +270,9 @@ static void ah_input_done(struct crypto_async_request *base, int err)
int ihl = ip_hdrlen(skb);
int ah_hlen = (ah->hdrlen + 2) << 2;
+ if (err)
+ goto out;
+
work_iph = AH_SKB_CB(skb)->tmp;
auth_data = ah_tmp_auth(work_iph, ihl);
icv = ah_tmp_icv(ahp->ahash, auth_data, ahp->icv_trunc_len);
--
2.1.4
Powered by blists - more mailing lists