diff options
| author | Taeyang Lee <0wn@theori.io> | 2026-01-16 16:03:58 +0900 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2026-01-30 10:27:34 +0100 |
| commit | b0a9609283a5c852addb513dafa655c61eebc1ef (patch) | |
| tree | fc954c133db60b38a84c99a3872db86fa186cef9 /crypto | |
| parent | 93b8635974fb050c43d07e35e5edfe6e685ca28a (diff) | |
crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec
[ Upstream commit 2397e9264676be7794f8f7f1e9763d90bd3c7335 ]
authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than
the minimum expected length, crypto_authenc_esn_decrypt() can advance past
the end of the destination scatterlist and trigger a NULL pointer dereference
in scatterwalk_map_and_copy(), leading to a kernel panic (DoS).
Add a minimum AAD length check to fail fast on invalid inputs.
Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD interface")
Reported-By: Taeyang Lee <0wn@theori.io>
Signed-off-by: Taeyang Lee <0wn@theori.io>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/authencesn.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/authencesn.c b/crypto/authencesn.c index 91424e791d5c..29ff3a0e86c0 100644 --- a/crypto/authencesn.c +++ b/crypto/authencesn.c @@ -189,6 +189,9 @@ static int crypto_authenc_esn_encrypt(struct aead_request *req) struct scatterlist *src, *dst; int err; + if (assoclen < 8) + return -EINVAL; + sg_init_table(areq_ctx->src, 2); src = scatterwalk_ffwd(areq_ctx->src, req->src, assoclen); dst = src; @@ -281,6 +284,9 @@ static int crypto_authenc_esn_decrypt(struct aead_request *req) u32 tmp[2]; int err; + if (assoclen < 8) + return -EINVAL; + cryptlen -= authsize; if (req->src != dst) { |