zfs/module/icp/algs/modes
Attila Fülöp 3ac34ca375 ICP: Fix out of bounds write
If gcm_mode_encrypt_contiguous_blocks() is called more than once
in succession, with the accumulated lengths being less than
blocksize, ctx->copy_to will be incorrectly advanced. Later, if
out is NULL, the bcopy at line 114 will overflow
ctx->gcm_copy_to since ctx->gcm_remainder_len is larger than the
ctx->gcm_copy_to buffer can hold.

The fix is to set ctx->copy_to only if it's not already set.

For ZoL the issue may be academic, since in all my testing I wasn't
able to hit either of the two conditions needed to trigger it, but
other consumers can easily do so.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Tom Caputi <tcaputi@datto.com>
Signed-off-by: Attila Fülöp <attila@fueloep.org>
Closes #9660
2019-12-06 09:36:19 -08:00
cbc.c Illumos Crypto Port module added to enable native encryption in zfs 2016-07-20 10:43:30 -07:00
ccm.c Fix kernel unaligned access on sparc64 2018-07-11 13:10:40 -07:00
ctr.c codebase style improvements for OpenZFS 6459 port 2017-01-22 13:25:40 -08:00
ecb.c Illumos Crypto Port module added to enable native encryption in zfs 2016-07-20 10:43:30 -07:00
gcm.c ICP: Fix out of bounds write 2019-12-06 09:36:19 -08:00
gcm_generic.c Add support for selecting encryption backend 2018-08-02 11:59:24 -07:00
gcm_pclmulqdq.c OpenZFS restructuring - move platform specific headers 2019-09-05 09:34:54 -07:00
modes.c Illumos Crypto Port module added to enable native encryption in zfs 2016-07-20 10:43:30 -07:00