[PATCH] crypto: Write outside array bounds

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


In crypto_aes_expand_key() loop8(i) writes up to ctx->key_enc[8*i+15], at most
63. ctx->key_enc has length (15*16)/4 == 60, so the last 16 bytes of key_enc
will overflow into ctx->key_dec.

Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx>
---
Found with Parfait, http://research.sun.com/projects/parfait/

This concerns crypto/aes_generic.c, function crypto_aes_expand_key(),
macro loop8() on line 1249.

1244:           ctx->key_enc[4] = le32_to_cpu(key[4]);
1245:           ctx->key_enc[5] = le32_to_cpu(key[5]);
1246:           ctx->key_enc[6] = le32_to_cpu(key[6]);
1247:           t = ctx->key_enc[7] = le32_to_cpu(key[7]);
1248:           for (i = 0; i < 7; ++i)
1249:                   loop8(i);
1250:           break;
1251:   }
1252:
1253:   ctx->key_dec[0] = ctx->key_enc[key_len + 24];
1254:   ctx->key_dec[1] = ctx->key_enc[key_len + 25];

please review.

diff --git a/include/crypto/aes.h b/include/crypto/aes.h
index 7524ba3..dd8c628 100644
--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@@ -14,7 +14,7 @@
 #define AES_KEYSIZE_192		24
 #define AES_KEYSIZE_256		32
 #define AES_BLOCK_SIZE		16
-#define AES_MAX_KEYLENGTH	(15 * 16)
+#define AES_MAX_KEYLENGTH	(16 * 16)
 #define AES_MAX_KEYLENGTH_U32	(AES_MAX_KEYLENGTH / sizeof(u32))
 
 /*
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

Add to Google