diff options
| author | Taeyang Lee <0wn@theori.io> | 2026-01-16 16:03:58 +0900 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2026-02-06 16:44:06 +0100 |
| commit | 767e8349f7e929b7dd95c08f0b4cb353459b365e (patch) | |
| tree | bd35a81c15abc194b43ab8535fff8c10cec9a0b0 /crypto | |
| parent | f27047abf7cac1b6f90c3ad60de21ef9f717c26d (diff) | |
crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec
[ Upstream commit 2397e9264676be7794f8f7f1e9763d90bd3c7335 ]
authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than
the minimum expected length, crypto_authenc_esn_decrypt() can advance past
the end of the destination scatterlist and trigger a NULL pointer dereference
in scatterwalk_map_and_copy(), leading to a kernel panic (DoS).
Add a minimum AAD length check to fail fast on invalid inputs.
Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD interface")
Reported-By: Taeyang Lee <0wn@theori.io>
Signed-off-by: Taeyang Lee <0wn@theori.io>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/authencesn.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/authencesn.c b/crypto/authencesn.c index b60e61b1904c..6487b35851d5 100644 --- a/crypto/authencesn.c +++ b/crypto/authencesn.c @@ -191,6 +191,9 @@ static int crypto_authenc_esn_encrypt(struct aead_request *req) struct scatterlist *src, *dst; int err; + if (assoclen < 8) + return -EINVAL; + sg_init_table(areq_ctx->src, 2); src = scatterwalk_ffwd(areq_ctx->src, req->src, assoclen); dst = src; @@ -284,6 +287,9 @@ static int crypto_authenc_esn_decrypt(struct aead_request *req) u32 tmp[2]; int err; + if (assoclen < 8) + return -EINVAL; + cryptlen -= authsize; if (req->src != dst) { |