Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 314811 Details for
Bug 459812
IPsec crash with MAC longer than 16 bytes
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
crypto: authenc - Avoid using clobbered request pointer
p (text/plain), 2.38 KB, created by
Herbert Xu
on 2008-08-22 15:42:53 UTC
(
hide
)
Description:
crypto: authenc - Avoid using clobbered request pointer
Filename:
MIME Type:
Creator:
Herbert Xu
Created:
2008-08-22 15:42:53 UTC
Size:
2.38 KB
patch
obsolete
>commit a697690bece75d4ba424c1318eb25c37d41d5829 >Author: Herbert Xu <herbert@gondor.apana.org.au> >Date: Sat Aug 23 01:04:06 2008 +1000 > > crypto: authenc - Avoid using clobbered request pointer > > Authenc works in two stages for encryption, it first encrypts and > then computes an ICV. The context memory of the request is used > by both operations. The problem is that when an asynchronous > encryption completes, we will compute the ICV and then reread the > context memory of the encryption to get the original request. > > It just happens that we have a buffer of 16 bytes in front of the > request pointer, so ICVs of 16 bytes (such as SHA1) do not trigger > the bug. However, any attempt to uses a larger ICV instantly kills > the machine when the first asynchronous encryption is completed. > > This patch fixes this by saving the request pointer before we start > the ICV computation. > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > >diff --git a/crypto/authenc.c b/crypto/authenc.c >index 4b22676..fd9f06c 100644 >--- a/crypto/authenc.c >+++ b/crypto/authenc.c >@@ -174,8 +174,9 @@ static int crypto_authenc_genicv(struct aead_request *req, u8 *iv, > static void crypto_authenc_encrypt_done(struct crypto_async_request *req, > int err) > { >+ struct aead_request *areq = req->data; >+ > if (!err) { >- struct aead_request *areq = req->data; > struct crypto_aead *authenc = crypto_aead_reqtfm(areq); > struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc); > struct ablkcipher_request *abreq = aead_request_ctx(areq); >@@ -185,7 +186,7 @@ static void crypto_authenc_encrypt_done(struct crypto_async_request *req, > err = crypto_authenc_genicv(areq, iv, 0); > } > >- aead_request_complete(req->data, err); >+ aead_request_complete(areq, err); > } > > static int crypto_authenc_encrypt(struct aead_request *req) >@@ -216,14 +217,15 @@ static int crypto_authenc_encrypt(struct aead_request *req) > static void crypto_authenc_givencrypt_done(struct crypto_async_request *req, > int err) > { >+ struct aead_request *areq = req->data; >+ > if (!err) { >- struct aead_request *areq = req->data; > struct skcipher_givcrypt_request *greq = aead_request_ctx(areq); > > err = crypto_authenc_genicv(areq, greq->giv, 0); > } > >- aead_request_complete(req->data, err); >+ aead_request_complete(areq, err); > } > > static int crypto_authenc_givencrypt(struct aead_givcrypt_request *req)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=314811">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 459812
: 314811 |
316877