]> git.proxmox.com Git - mirror_ubuntu-disco-kernel.git/commit
projects / mirror_ubuntu-disco-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9656a18) | patch
crypto: x86/aesni-gcm - fix crash on empty plaintext
authorEric Biggers <ebiggers@google.com>
Fri, 1 Feb 2019 07:51:40 +0000 (23:51 -0800)
committerSeth Forshee <seth.forshee@canonical.com>
Mon, 25 Mar 2019 15:44:54 +0000 (10:44 -0500)
commite10ed9e6cc2624f38651013f7c2e2c70aa228a7f
treee579ce721916bb755930e71b245b7a59ed02f069tree
parent9656a180eba4b6dfcc4eb85de4a5c6d3fceecb12commit | diff
crypto: x86/aesni-gcm - fix crash on empty plaintext

BugLink: https://bugs.launchpad.net/bugs/1821607
commit 3af349639597fea582a93604734d717e59a0e223 upstream.

gcmaes_crypt_by_sg() dereferences the NULL pointer returned by
scatterwalk_ffwd() when encrypting an empty plaintext and the source
scatterlist ends immediately after the associated data.

Fix it by only fast-forwarding to the src/dst data scatterlists if the
data length is nonzero.

This bug is reproduced by the "rfc4543(gcm(aes))" test vectors when run
with the new AEAD test manager.

Fixes: e845520707f8 ("crypto: aesni - Update aesni-intel_glue to use scatter/gather")
Cc: <stable@vger.kernel.org> # v4.17+
Cc: Dave Watson <davejwatson@fb.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
arch/x86/crypto/aesni-intel_glue.c diff | blob | blame | history
Ubuntu Disco kernel mirror for Proxmox VE and PMG