linux-toradex.git/crypto/crypto_user.c, branch v3.2.60 Linux kernel for Apalis and Colibri modules crypto: user - fix info leaks in report API 2013-03-20T15:03:37+00:00 Mathias Krause minipli@googlemail.com 2013-02-05T17:19:13+00:00 f56cb892159202ee6486c7fd3c5dec3f82bd5114 commit 9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 upstream. Three errors resulting in kernel memory disclosure: 1/ The structures used for the netlink based crypto algorithm report API are located on the stack. As snprintf() does not fill the remainder of the buffer with null bytes, those stack bytes will be disclosed to users of the API. Switch to strncpy() to fix this. 2/ crypto_report_one() does not initialize all field of struct crypto_user_alg. Fix this to fix the heap info leak. 3/ For the module name we should copy only as many bytes as module_name() returns -- not as much as the destination buffer could hold. But the current code does not and therefore copies random data from behind the end of the module name, as the module name is always shorter than CRYPTO_MAX_ALG_NAME. Also switch to use strncpy() to copy the algorithm's name and driver_name. They are strings, after all. Signed-off-by: Mathias Krause <minipli@googlemail.com> Cc: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> [bwh: Backported to 3.2: adjust context] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 
commit 9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 upstream.

Three errors resulting in kernel memory disclosure:

1/ The structures used for the netlink based crypto algorithm report API
are located on the stack. As snprintf() does not fill the remainder of
the buffer with null bytes, those stack bytes will be disclosed to users
of the API. Switch to strncpy() to fix this.

2/ crypto_report_one() does not initialize all field of struct
crypto_user_alg. Fix this to fix the heap info leak.

3/ For the module name we should copy only as many bytes as
module_name() returns -- not as much as the destination buffer could
hold. But the current code does not and therefore copies random data
from behind the end of the module name, as the module name is always
shorter than CRYPTO_MAX_ALG_NAME.

Also switch to use strncpy() to copy the algorithm's name and
driver_name. They are strings, after all.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
crypto: user - Fix rwsem leak in crypto_user 2011-11-01T22:15:16+00:00 Jonathan Corbet corbet@lwn.net 2011-11-01T22:15:16+00:00 fb223c32b4d3ee593c8dce07e983680d06abe387 The list_empty case in crypto_alg_match() will return without calling up_read() on crypto_alg_sem. We could do the "goto out" routine, but the function will clearly do the right thing with that test simply removed. Signed-off-by: Jonathan Corbet <corbet@lwn.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
The list_empty case in crypto_alg_match() will return without calling
up_read() on crypto_alg_sem.  We could do the "goto out" routine, but the
function will clearly do the right thing with that test simply removed.

Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: user - Initialise match in crypto_alg_match 2011-10-21T12:37:10+00:00 Herbert Xu herbert@gondor.apana.org.au 2011-10-21T12:37:10+00:00 e6ea64ece7f4c14294b2fce5403b1e71eab87f1e We need to default match to 0 as otherwise it may lead to a false positive. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
We need to default match to 0 as otherwise it may lead to a false
positive.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: Add userspace report for compress type algorithms 2011-10-21T12:24:12+00:00 Steffen Klassert steffen.klassert@secunet.com 2011-09-27T05:48:48+00:00 540b97c1dd9ee68112269be322d901f1edc1a282 Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: Add userspace report for cipher type algorithms 2011-10-21T12:24:07+00:00 Steffen Klassert steffen.klassert@secunet.com 2011-09-27T05:48:01+00:00 07a5fa4abd8b6965d4585d3b110f89bdf5612aff Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: Add userspace report for larval type algorithms 2011-10-21T12:24:04+00:00 Steffen Klassert steffen.klassert@secunet.com 2011-09-27T05:25:05+00:00 6c5a86f529a9e9ca4c9aca5fa477e9557d4a3d3d Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: Add a report function pointer to crypto_type 2011-10-21T12:24:03+00:00 Steffen Klassert steffen.klassert@secunet.com 2011-09-27T05:24:29+00:00 b6aa63c09ba3b150a1030f9c95c7647361e7910e We add a report function pointer to struct crypto_type. This function pointer is used from the crypto userspace configuration API to report crypto algorithms to userspace. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
We add a report function pointer to struct crypto_type. This function
pointer is used from the crypto userspace configuration API to report
crypto algorithms to userspace.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: Add userspace configuration API 2011-10-21T12:24:03+00:00 Steffen Klassert steffen.klassert@secunet.com 2011-09-27T05:23:50+00:00 a38f7907b926e4c6c7d389ad96cc38cec2e5a9e9 This patch adds a basic userspace configuration API for the crypto layer. With this it is possible to instantiate, remove and to show crypto algorithms from userspace. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 
This patch adds a basic userspace configuration API for the crypto layer.
With this it is possible to instantiate, remove and to show crypto
algorithms from userspace.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>