Eric Biggers 268a84d36e crypto: af_alg - avoid undefined behavior accessing salg_name ... commit 92eb6c3060 upstream. Commit 3f69cc6076 ("crypto: af_alg - Allow arbitrarily long algorithm names") made the kernel start accepting arbitrarily long algorithm names in sockaddr_alg. However, the actual length of the salg_name field stayed at the original 64 bytes. This is broken because the kernel can access indices >= 64 in salg_name, which is undefined behavior -- even though the memory that is accessed is still located within the sockaddr structure. It would only be defined behavior if the array were properly marked as arbitrary-length (either by making it a flexible array, which is the recommended way these days, or by making it an array of length 0 or 1). We can't simply change salg_name into a flexible array, since that would break source compatibility with userspace programs that embed sockaddr_alg into another struct, or (more commonly) declare a sockaddr_alg like 'struct sockaddr_alg sa = { .salg_name = "foo" };'. One solution would be to change salg_name into a flexible array only when '#ifdef __KERNEL__'. However, that would keep userspace without an easy way to actually use the longer algorithm names. Instead, add a new structure 'sockaddr_alg_new' that has the flexible array field, and expose it to both userspace and the kernel. Make the kernel use it correctly in alg_bind(). This addresses the syzbot report "UBSAN: array-index-out-of-bounds in alg_bind" (https://syzkaller.appspot.com/bug?extid=92ead4eb8e26a26d465e). Reported-by: syzbot+92ead4eb8e26a26d465e@syzkaller.appspotmail.com Fixes: 3f69cc6076 ("crypto: af_alg - Allow arbitrarily long algorithm names") Cc: <stable@vger.kernel.org> # v4.12+ Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2020-12-30 11:25:48 +01:00
..
asymmetric_keys
async_tx
842.c
ablkcipher.c
acompress.c
aead.c
aegis.h
aegis128.c
aegis128l.c
aegis256.c
aes_generic.c
aes_ti.c
af_alg.c	crypto: af_alg - avoid undefined behavior accessing salg_name	2020-12-30 11:25:48 +01:00
ahash.c
akcipher.c
algapi.c
algboss.c
algif_aead.c
algif_hash.c
algif_rng.c
algif_skcipher.c
ansi_cprng.c
anubis.c
api.c
arc4.c
authenc.c
authencesn.c
blkcipher.c
blowfish_common.c
blowfish_generic.c
camellia_generic.c
cast_common.c
cast5_generic.c
cast6_generic.c
cbc.c
ccm.c
cfb.c
chacha20_generic.c
chacha20poly1305.c
cipher.c
cmac.c
compress.c
crc32_generic.c
crc32c_generic.c
crct10dif_common.c
crct10dif_generic.c
cryptd.c
crypto_engine.c
crypto_null.c
crypto_user.c
crypto_wq.c
ctr.c
cts.c
deflate.c
des_generic.c
dh_helper.c
dh.c
drbg.c
ecb.c
ecc_curve_defs.h
ecc.c
ecc.h
ecdh_helper.c
ecdh.c
echainiv.c
fcrypt.c
fips.c
gcm.c
gf128mul.c
ghash-generic.c
hash_info.c
hmac.c
internal.h
jitterentropy-kcapi.c
jitterentropy.c
Kconfig
keywrap.c
khazad.c
kpp.c
lrw.c
lz4.c
lz4hc.c
lzo.c
Makefile
mcryptd.c
md4.c
md5.c
memneq.c
michael_mic.c
morus640.c
morus1280.c
pcbc.c
pcrypt.c
poly1305_generic.c
proc.c
ripemd.h
rmd128.c
rmd160.c
rmd256.c
rmd320.c
rng.c
rsa_helper.c
rsa-pkcs1pad.c
rsa.c
rsaprivkey.asn1
rsapubkey.asn1
salsa20_generic.c
scatterwalk.c
scompress.c
seed.c
seqiv.c
serpent_generic.c
sha1_generic.c
sha3_generic.c
sha256_generic.c
sha512_generic.c
shash.c
simd.c
skcipher.c
sm3_generic.c
sm4_generic.c
tcrypt.c
tcrypt.h
tea.c
testmgr.c
testmgr.h
tgr192.c
twofish_common.c
twofish_generic.c
vmac.c
wp512.c
xcbc.c
xor.c
xts.c
zstd.c