A mirror of the official Linux kernel repository just in case
Ziyang Xuan 9381fe8c84 net/tls: fix slab-out-of-bounds bug in decrypt_internal
The memory size of tls_ctx->rx.iv for AES128-CCM is set to 12 in
tls_set_sw_offload(). The return value of crypto_aead_ivsize()
for "ccm(aes)" is 16. So a memcpy() that reads 16 bytes from the 12-byte
memory space will trigger a slab-out-of-bounds bug as follows:

==================================================================
BUG: KASAN: slab-out-of-bounds in decrypt_internal+0x385/0xc40 [tls]
Read of size 16 at addr ffff888114e84e60 by task tls/10911

Call Trace:
 <TASK>
 dump_stack_lvl+0x34/0x44
 print_report.cold+0x5e/0x5db
 ? decrypt_internal+0x385/0xc40 [tls]
 kasan_report+0xab/0x120
 ? decrypt_internal+0x385/0xc40 [tls]
 kasan_check_range+0xf9/0x1e0
 memcpy+0x20/0x60
 decrypt_internal+0x385/0xc40 [tls]
 ? tls_get_rec+0x2e0/0x2e0 [tls]
 ? process_rx_list+0x1a5/0x420 [tls]
 ? tls_setup_from_iter.constprop.0+0x2e0/0x2e0 [tls]
 decrypt_skb_update+0x9d/0x400 [tls]
 tls_sw_recvmsg+0x3c8/0xb50 [tls]

Allocated by task 10911:
 kasan_save_stack+0x1e/0x40
 __kasan_kmalloc+0x81/0xa0
 tls_set_sw_offload+0x2eb/0xa20 [tls]
 tls_setsockopt+0x68c/0x700 [tls]
 __sys_setsockopt+0xfe/0x1b0

Replace crypto_aead_ivsize() with prot->iv_size + prot->salt_size
when copying the iv value with memcpy() in the TLS_1_3_VERSION scenario.

Fixes: f295b3ae9f ("net/tls: Add support of AES128-CCM based ciphers")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-04-01 11:53:35 +01:00
arch Networking fixes for 5.18-rc1 and rethook patches. 2022-03-31 11:23:31 -07:00
block ptrace: Cleanups for v5.18 2022-03-28 17:29:53 -07:00
certs KEYS: Introduce link restriction for machine keys 2022-03-08 13:55:52 +02:00
crypto for-5.18/64bit-pi-2022-03-25 2022-03-26 12:01:35 -07:00
Documentation Networking fixes for 5.18-rc1 and rethook patches. 2022-03-31 11:23:31 -07:00
drivers net: sfc: add missing xdp queue reinitialization 2022-04-01 11:52:21 +01:00
fs fs: fix fd table size alignment properly 2022-03-29 23:29:18 -07:00
include Networking fixes for 5.18-rc1 and rethook patches. 2022-03-31 11:23:31 -07:00
init Merge branch 'akpm' (patches from Andrew) 2022-03-24 14:14:07 -07:00
ipc fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
kernel Networking fixes for 5.18-rc1 and rethook patches. 2022-03-31 11:23:31 -07:00
lib lib/test: use after free in register_test_dev_kmod() 2022-03-29 15:13:36 -07:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm mm: page_alloc: validate buddy before check its migratetype. 2022-03-30 15:45:43 -07:00
net net/tls: fix slab-out-of-bounds bug in decrypt_internal 2022-04-01 11:53:35 +01:00
samples dma-mapping updates for Linux 5.18 2022-03-29 08:50:14 -07:00
scripts Driver core changes for 5.18-rc1 2022-03-28 12:41:28 -07:00
security ptrace: Cleanups for v5.18 2022-03-28 17:29:53 -07:00
sound xen: branch for v5.18-rc1 2022-03-28 14:32:39 -07:00
tools Networking fixes for 5.18-rc1 and rethook patches. 2022-03-31 11:23:31 -07:00
usr reiserfs_xattr.h: add linux/reiserfs_xattr.h to UAPI compile-test coverage 2022-02-17 09:09:38 +01:00
virt KVM: compat: riscv: Prevent KVM_COMPAT from being selected 2022-03-11 19:02:15 +05:30
.clang-format genirq/msi: Make interrupt allocation less convoluted 2021-12-16 22:22:20 +01:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: ignore only top-level modules.builtin 2021-05-02 00:43:35 +09:00
.mailmap Char/Misc and other driver updates for 5.18-rc1 2022-03-28 12:27:35 -07:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: replace a Microchip AT91 maintainer 2022-02-09 11:30:01 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Networking fixes for 5.18-rc1 and rethook patches. 2022-03-31 11:23:31 -07:00
Makefile array-bounds updates for v5.18-rc1 2022-03-26 12:30:44 -07:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.