Re: [PATCH] crypto: af_alg - avoid undefined behavior accessing salg_name

2020-11-05 Thread Herbert Xu
On Mon, Oct 26, 2020 at 01:07:15PM -0700, Eric Biggers wrote: > From: Eric Biggers > > Commit 3f69cc60768b ("crypto: af_alg - Allow arbitrarily long algorithm > names") made the kernel start accepting arbitrarily long algorithm names > in sockaddr_alg. However, the actual length of the salg_name

Re: [PATCH] crypto: af_alg - avoid undefined behavior accessing salg_name

2020-10-26 Thread Eric Biggers
On Mon, Oct 26, 2020 at 06:10:59PM -0500, Gustavo A. R. Silva wrote: > On Mon, Oct 26, 2020 at 04:21:48PM -0500, Gustavo A. R. Silva wrote: > > > +/* > > > + * Linux v4.12 and later removed the 64-byte limit on salg_name[]; it's > > > now an > > > + * arbitrary-length field. We had to keep the or

Re: [PATCH] crypto: af_alg - avoid undefined behavior accessing salg_name

2020-10-26 Thread Gustavo A. R. Silva
On Mon, Oct 26, 2020 at 04:21:48PM -0500, Gustavo A. R. Silva wrote: > > +/* > > + * Linux v4.12 and later removed the 64-byte limit on salg_name[]; it's > > now an > > + * arbitrary-length field. We had to keep the original struct above for > > source > > + * compatibility with existing userspa

Re: [PATCH] crypto: af_alg - avoid undefined behavior accessing salg_name

2020-10-26 Thread Jann Horn
On Mon, Oct 26, 2020 at 10:57 PM Eric Biggers wrote: > On Mon, Oct 26, 2020 at 10:23:35PM +0100, 'Jann Horn' via syzkaller-bugs > wrote: > > On Mon, Oct 26, 2020 at 9:08 PM Eric Biggers wrote: > > > Commit 3f69cc60768b ("crypto: af_alg - Allow arbitrarily long algorithm > > > names") made the ke

Re: [PATCH] crypto: af_alg - avoid undefined behavior accessing salg_name

2020-10-26 Thread Eric Biggers
On Mon, Oct 26, 2020 at 10:23:35PM +0100, 'Jann Horn' via syzkaller-bugs wrote: > On Mon, Oct 26, 2020 at 9:08 PM Eric Biggers wrote: > > Commit 3f69cc60768b ("crypto: af_alg - Allow arbitrarily long algorithm > > names") made the kernel start accepting arbitrarily long algorithm names > > in sock

Re: [PATCH] crypto: af_alg - avoid undefined behavior accessing salg_name

2020-10-26 Thread Jann Horn
On Mon, Oct 26, 2020 at 9:08 PM Eric Biggers wrote: > Commit 3f69cc60768b ("crypto: af_alg - Allow arbitrarily long algorithm > names") made the kernel start accepting arbitrarily long algorithm names > in sockaddr_alg. That's not true; it's still limited by the size of struct sockaddr_storage (1

Re: [PATCH] crypto: af_alg - avoid undefined behavior accessing salg_name

2020-10-26 Thread Gustavo A. R. Silva
Hi, On Mon, Oct 26, 2020 at 01:07:15PM -0700, Eric Biggers wrote: > From: Eric Biggers > > Commit 3f69cc60768b ("crypto: af_alg - Allow arbitrarily long algorithm > names") made the kernel start accepting arbitrarily long algorithm names > in sockaddr_alg. However, the actual length of the salg

[PATCH] crypto: af_alg - avoid undefined behavior accessing salg_name

2020-10-26 Thread Eric Biggers
From: Eric Biggers Commit 3f69cc60768b ("crypto: af_alg - Allow arbitrarily long algorithm names") made the kernel start accepting arbitrarily long algorithm names in sockaddr_alg. However, the actual length of the salg_name field stayed at the original 64 bytes. This is broken because the kern