zfs/module/icp/algs
Attila Fülöp 3ac34ca375 ICP: Fix out of bounds write
If gcm_mode_encrypt_contiguous_blocks() is called more than once
in succession, with the accumulated lengths being less than
blocksize, ctx->copy_to will be incorrectly advanced. Later, if
out is NULL, the bcopy at line 114 will overflow
ctx->gcm_copy_to since ctx->gcm_remainder_len is larger than the
ctx->gcm_copy_to buffer can hold.

The fix is to set ctx->copy_to only if it's not already set.

For ZoL the issue may be academic, since in all my testing I wasn't
able to hit neither of both conditions needed to trigger it, but
other consumers can easily do so.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Tom Caputi <tcaputi@datto.com>
Signed-off-by: Attila Fülöp <attila@fueloep.org>
Closes 
2019-12-06 09:36:19 -08:00
..
aes Linux 4.14, 4.19, 5.0+ compat: SIMD save/restore 2019-10-24 10:17:33 -07:00
edonr Update build system and packaging 2018-05-29 16:00:33 -07:00
modes ICP: Fix out of bounds write 2019-12-06 09:36:19 -08:00
sha1 Fix icp build on FreeBSD 2019-11-01 10:27:53 -07:00
sha2 Encryption patch follow-up 2017-10-11 16:54:48 -04:00
skein Fix typos in modules/icp/ 2019-08-30 14:26:07 -07:00