Message-ID: <ZIhD53a/6Svmn1aS@gondor.apana.org.au>
Date: Tue, 13 Jun 2023 18:24:39 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: syzbot <syzbot+e79818f5c12416aba9de@...kaller.appspotmail.com>
Cc: davem@...emloft.net, dhowells@...hat.com, linux-crypto@...r.kernel.org,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
	pabeni@...hat.com, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [crypto?] general protection fault in cryptd_hash_export

On Mon, Jun 12, 2023 at 02:43:45AM -0700, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    ded5c1a16ec6 Merge branch 'tools-ynl-gen-code-gen-improvem..
> git tree:       net-next
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=104cdef1280000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=526f919910d4a671
> dashboard link: https://syzkaller.appspot.com/bug?extid=e79818f5c12416aba9de
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13c6193b280000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16c7a795280000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ffd66beb6784/disk-ded5c1a1.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/e7336ae5a7bf/vmlinux-ded5c1a1.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/10ded02dc7e2/bzImage-ded5c1a1.xz
> 
> The issue was bisected to:
> 
> commit c662b043cdca89bf0f03fc37251000ac69a3a548
> Author: David Howells <dhowells@...hat.com>
> Date:   Tue Jun 6 13:08:56 2023 +0000
> 
>     crypto: af_alg/hash: Support MSG_SPLICE_PAGES

David, the logic for calling hash_alloc_result looks quite different
from that on whether you do the hash finalisation.  I'd suggest that
you change them to use the same check, and also use NULL instead
of ctx->result if you didn't call hash_alloc_result.

Thanks,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
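
The point of the reply above, as an added example that is not part of the original message or the kernel source: a user-space C model where the result buffer is allocated under one predicate and the hash is finalised under another, next to a version that uses a single predicate for both. All names (`hctx`, `F_MORE`, `send_mismatched`, `send_consistent`, `run_sequence`) and the toy hash are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

#define F_MORE 1u /* constructed stand-in for a "more data follows" flag */
/* Hypothetical user-space model; not the af_alg code. */
struct hctx { unsigned char *result; unsigned state; bool more; };
static int alloc_result(struct hctx *c) {
    if (!c->result) c->result = calloc(1, sizeof c->state);
    return c->result ? 0 : -1;
}
static void update(struct hctx *c, const char *p, size_t n) {
    while (n--) c->state = c->state * 31u + (unsigned char)*p++; /* toy hash */
}
/* The model reports a missing output buffer instead of dereferencing it. */
static int finalise(struct hctx *c, unsigned char *out) {
    if (!out) return -1;
    memcpy(out, &c->state, sizeof c->state);
    return 0;
}

/* Allocation (check A) and finalisation (check B) use different predicates. */
static int send_mismatched(struct hctx *c, const char *p, size_t n, unsigned fl) {
    if (!c->more && !(fl & F_MORE) && alloc_result(c)) return -1; /* A */
    update(c, p, n);
    c->more = (fl & F_MORE) != 0;
    return c->more ? 0 : finalise(c, c->result);                  /* B */
}

/* One predicate drives both; the output pointer is NULL unless allocated. */
static int send_consistent(struct hctx *c, const char *p, size_t n, unsigned fl) {
    bool fin = !(fl & F_MORE);
    if (fin && alloc_result(c)) return -1;
    unsigned char *out = fin ? c->result : NULL;
    update(c, p, n);
    c->more = !fin;
    return fin ? finalise(c, out) : 0;
}

/* Constructed sequence: a chunk with F_MORE, then a final chunk without it. */
static int run_sequence(bool fixed) {
    struct hctx c = {0};
    int rc = (fixed ? send_consistent : send_mismatched)(&c, "ab", 2, F_MORE);
    if (rc == 0) rc = (fixed ? send_consistent : send_mismatched)(&c, "cd", 2, 0);
    free(c.result);
    return rc;
}

int main(void) { return run_sequence(true) || run_sequence(false) != -1; }
```

In the mismatched variant the second call skips allocation because the context is mid-stream, yet still finalises into the unset pointer.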
