| From ccd9888f14a8019c0bbdeeae758aba1f58693712 Mon Sep 17 00:00:00 2001 |
| From: Eric Biggers <ebiggers@google.com> |
| Date: Sun, 5 Nov 2017 18:30:46 -0800 |
| Subject: crypto: dh - Don't permit 'key' or 'g' size longer than 'p' |
| |
| From: Eric Biggers <ebiggers@google.com> |
| |
| commit ccd9888f14a8019c0bbdeeae758aba1f58693712 upstream. |
| |
| The "qat-dh" DH implementation assumes that 'key' and 'g' can be copied |
| into a buffer with size 'p_size'. However it was never checked that |
| that was actually the case, which most likely allowed users to cause a |
| buffer underflow via KEYCTL_DH_COMPUTE. |
| |
| Fix this by updating crypto_dh_decode_key() to verify this precondition |
| for all DH implementations. |
| |
| Fixes: c9839143ebbf ("crypto: qat - Add DH support") |
| Signed-off-by: Eric Biggers <ebiggers@google.com> |
| Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com> |
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| crypto/dh_helper.c | 8 ++++++++ |
| 1 file changed, 8 insertions(+) |
| |
| --- a/crypto/dh_helper.c |
| +++ b/crypto/dh_helper.c |
| @@ -83,6 +83,14 @@ int crypto_dh_decode_key(const char *buf |
| if (secret.len != crypto_dh_key_len(params)) |
| return -EINVAL; |
| |
| + /* |
| + * Don't permit the buffer for 'key' or 'g' to be larger than 'p', since |
| + * some drivers assume otherwise. |
| + */ |
| + if (params->key_size > params->p_size || |
| + params->g_size > params->p_size) |
| + return -EINVAL; |
| + |
| /* Don't allocate memory. Set pointers to data within |
| * the given buffer |
| */ |