From patchwork Wed Oct 25 01:56:17 2017
X-Patchwork-Submitter: "Levin, Alexander \(Sasha Levin\)"
X-Patchwork-Id: 117004
From: "Levin, Alexander (Sasha Levin)"
Cc: Gilad Ben-Yossef, Steffen Klassert, "Levin, Alexander (Sasha Levin)"
To: "linux-kernel@vger.kernel.org", "stable@vger.kernel.org"
Subject: [PATCH AUTOSEL for 4.4 20/25] IPsec: do not ignore crypto err in ah4 input
Date: Wed, 25 Oct 2017 01:56:17 +0000
Message-ID: <20171025015607.24625-20-alexander.levin@verizon.com>
References: <20171025015607.24625-1-alexander.levin@verizon.com>
In-Reply-To: <20171025015607.24625-1-alexander.levin@verizon.com>

From: Gilad Ben-Yossef

[ Upstream commit ebd89a2d0675f1325c2be5b7576fd8cb7e8defd0 ]

ah4 input processing uses the asynchronous hash crypto API which
supplies an error code as part of the operation completion but
the error code was being ignored.

Treat a crypto API error indication as a verification failure.

While a crypto API reported error would almost certainly result
in a memcpy of the digest failing anyway and thus the security
risk seems minor, performing a memory compare on what might be
uninitialized memory is wrong.

Signed-off-by: Gilad Ben-Yossef
Signed-off-by: Steffen Klassert
Signed-off-by: Sasha Levin
---
 net/ipv4/ah4.c | 3 +++
 1 file changed, 3 insertions(+)

--
2.11.0

diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index f2a71025a770..22377c8ff14b 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c @@ -270,6 +270,9 @@ static void ah_input_done(struct crypto_async_request *base, int err) int ihl = ip_hdrlen(skb); int ah_hlen = (ah->hdrlen + 2) << 2; + if (err) + goto out; + work_iph = AH_SKB_CB(skb)->tmp; auth_data = ah_tmp_auth(work_iph, ihl); icv = ah_tmp_icv(ahp->ahash, auth_data, ahp->icv_trunc_len);
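
Review bot: the new `if (err) goto out;` in `ah_input_done()` jumps to a label that is not visible in this hunk, and it does so before `work_iph`, `auth_data` and `icv` are assigned, so the fix is only correct if the `out` path uses none of those locals and hands `err` on unchanged. When applying this to the 4.4 tree, please confirm that `out` still releases `AH_SKB_CB(skb)->tmp` (the buffer `work_iph` would have pointed at) and resumes input with the crypto error, so the packet is treated as a verification failure and the temporary buffer is not leaked on the new early exit. A one-line comment above the check saying that a failed hash leaves the computed ICV undefined and must not be compared would help later readers. The diffstat shows that only net/ipv4/ah4.c is touched, so it is also worth checking whether the other asynchronous completion callbacks in the IPsec input path need the same guard in this stable series.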