[linux] 01/02: crypto: skcipher - Add missing API setkey checks (CVE-2017-9211)
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Thu Jun 1 07:08:45 UTC 2017
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch sid
in repository linux.
commit cd87fb7a86f1098194adbe71d70faceec905a52a
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Thu Jun 1 08:28:54 2017 +0200
crypto: skcipher - Add missing API setkey checks (CVE-2017-9211)
---
debian/changelog | 1 +
...to-skcipher-Add-missing-api-setkey-checks.patch | 78 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 80 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 501a3c4..cc7b9bc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -417,6 +417,7 @@ linux (4.9.30-1) UNRELEASED; urgency=medium
* sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (CVE-2017-9075)
* ipv6/dccp: do not inherit ipv6_mc_list from parent (CVE-2017-9076
CVE-2017-9077)
+ * crypto: skcipher - Add missing API setkey checks (CVE-2017-9211)
-- Ben Hutchings <ben at decadent.org.uk> Mon, 08 May 2017 21:11:08 +0200
diff --git a/debian/patches/bugfix/all/crypto-skcipher-Add-missing-api-setkey-checks.patch b/debian/patches/bugfix/all/crypto-skcipher-Add-missing-api-setkey-checks.patch
new file mode 100644
index 0000000..348bb5f
--- /dev/null
+++ b/debian/patches/bugfix/all/crypto-skcipher-Add-missing-api-setkey-checks.patch
@@ -0,0 +1,78 @@
+From: Herbert Xu <herbert at gondor.apana.org.au>
+Date: Wed, 10 May 2017 03:48:23 +0800
+Subject: crypto: skcipher - Add missing API setkey checks
+Origin: https://git.kernel.org/linus/9933e113c2e87a9f46a40fde8dafbf801dca1ab9
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-9211
+
+The API setkey checks for key sizes and alignment went AWOL during the
+skcipher conversion. This patch restores them.
+
+Cc: <stable at vger.kernel.org>
+Fixes: 4e6c3df4d729 ("crypto: skcipher - Add low-level skcipher...")
+Reported-by: Baozeng <sploving1 at gmail.com>
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+---
+ crypto/skcipher.c | 40 +++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 39 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/skcipher.c b/crypto/skcipher.c
+index 014af74..4faa0fd 100644
+--- a/crypto/skcipher.c
++++ b/crypto/skcipher.c
+@@ -764,6 +764,44 @@ static int crypto_init_skcipher_ops_ablkcipher(struct crypto_tfm *tfm)
+ return 0;
+ }
+
++static int skcipher_setkey_unaligned(struct crypto_skcipher *tfm,
++ const u8 *key, unsigned int keylen)
++{
++ unsigned long alignmask = crypto_skcipher_alignmask(tfm);
++ struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
++ u8 *buffer, *alignbuffer;
++ unsigned long absize;
++ int ret;
++
++ absize = keylen + alignmask;
++ buffer = kmalloc(absize, GFP_ATOMIC);
++ if (!buffer)
++ return -ENOMEM;
++
++ alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
++ memcpy(alignbuffer, key, keylen);
++ ret = cipher->setkey(tfm, alignbuffer, keylen);
++ kzfree(buffer);
++ return ret;
++}
++
++static int skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
++ unsigned int keylen)
++{
++ struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
++ unsigned long alignmask = crypto_skcipher_alignmask(tfm);
++
++ if (keylen < cipher->min_keysize || keylen > cipher->max_keysize) {
++ crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
++ return -EINVAL;
++ }
++
++ if ((unsigned long)key & alignmask)
++ return skcipher_setkey_unaligned(tfm, key, keylen);
++
++ return cipher->setkey(tfm, key, keylen);
++}
++
+ static void crypto_skcipher_exit_tfm(struct crypto_tfm *tfm)
+ {
+ struct crypto_skcipher *skcipher = __crypto_skcipher_cast(tfm);
+@@ -784,7 +822,7 @@ static int crypto_skcipher_init_tfm(struct crypto_tfm *tfm)
+ tfm->__crt_alg->cra_type == &crypto_givcipher_type)
+ return crypto_init_skcipher_ops_ablkcipher(tfm);
+
+- skcipher->setkey = alg->setkey;
++ skcipher->setkey = skcipher_setkey;
+ skcipher->encrypt = alg->encrypt;
+ skcipher->decrypt = alg->decrypt;
+ skcipher->ivsize = alg->ivsize;
+--
+2.1.4
+
diff --git a/debian/patches/series b/debian/patches/series
index 0ea503a..3a3e27b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -109,6 +109,7 @@ bugfix/all/dccp-tcp-do-not-inherit-mc_list-from-parent.patch
bugfix/all/ipv6-prevent-overrun-when-parsing-v6-header-options.patch
bugfix/all/sctp-do-not-inherit-ipv6_-mc-ac-fl-_list-from-parent.patch
bugfix/all/ipv6-dccp-do-not-inherit-ipv6_mc_list-from-parent.patch
+bugfix/all/crypto-skcipher-Add-missing-api-setkey-checks.patch
# Fix exported symbol versions
bugfix/ia64/revert-ia64-move-exports-to-definitions.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list