lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAGXu5jJuU8PjPW-K=wDEaShKTenbADKwF4DcKPwNBrrynD0thg@mail.gmail.com>
Date:   Tue, 23 Apr 2019 13:04:31 -0700
From:   Kees Cook <keescook@...omium.org>
To:     syzbot <syzbot+e736399a2c4054612307@...kaller.appspotmail.com>
Cc:     "Jason A. Donenfeld" <Jason@...c4.com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        aviadye@...lanox.com, borisp@...lanox.com,
        Daniel Borkmann <daniel@...earbox.net>, davejwatson@...com,
        "David S. Miller" <davem@...emloft.net>,
        David Howells <dhowells@...hat.com>,
        Eric Biggers <ebiggers3@...il.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        john.fastabend@...il.com, k.marinushkin@...il.com,
        linux-crypto <linux-crypto@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Network Development <netdev@...r.kernel.org>,
        Security Officers <security@...nel.org>,
        Steffen Klassert <steffen.klassert@...unet.com>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: KASAN: use-after-free Read in crypto_gcm_init_common

On Thu, Mar 21, 2019 at 2:33 AM syzbot
<syzbot+e736399a2c4054612307@...kaller.appspotmail.com> wrote:
>
> syzbot has bisected this bug to:
>
> commit 428490e38b2e352812e0b765d8bceafab0ec441d
> Author: Jason A. Donenfeld <Jason@...c4.com>
> Date:   Wed Sep 20 14:58:39 2017 +0000
>
>      security/keys: rewrite all of big_key crypto
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=160eabcf200000
> start commit:   428490e3 security/keys: rewrite all of big_key crypto
> git tree:       upstream
> final crash:    https://syzkaller.appspot.com/x/report.txt?x=150eabcf200000
> console output: https://syzkaller.appspot.com/x/log.txt?x=110eabcf200000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=9384ecb1c973baed
> dashboard link: https://syzkaller.appspot.com/bug?extid=e736399a2c4054612307
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17902f5b400000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=111377e5400000
>
> Reported-by: syzbot+e736399a2c4054612307@...kaller.appspotmail.com
> Fixes: 428490e38b2e ("security/keys: rewrite all of big_key crypto")

Did this regression get fixed?

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ