| Message ID | 1484565476-19371-1-git-send-email-gilad@benyossef.com |
|---|---|
| Headers | show |
| Series | IPsec: do not ignore crypto err in ah input | expand |
On Mon, Jan 16, 2017 at 01:17:54PM +0200, Gilad Ben-Yossef wrote: > ah input processing uses the asynchronous hash crypto API which > supplies an error code as part of the operation completion but > the error code was being ignored. > > Treat a crypto API error indication as a verification failure. > > While a crypto API reported error would almost certainly result > in a memcpy of the digest failing anyway and thus the security > risk seems minor, performing a memory compare on what might be > uninitialized memory is wrong. > > Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> > CC: Alexander Alemayhu <alexander@alemayhu.com> Both applied to ipsec-next, thanks a lot!
ah input processing uses the asynchronous hash crypto API which supplies an error code as part of the operation completion but the error code was being ignored. Treat a crypto API error indication as a verification failure. While a crypto API reported error would almost certainly result in a memcpy of the digest failing anyway and thus the security risk seems minor, performing a memory compare on what might be uninitialized memory is wrong. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> CC: Alexander Alemayhu <alexander@alemayhu.com> --- The change was boot tested on Arm64 but I did not exercise the specific error code path in question. Changes from v2: - Added fix for same problem in IPv6 pointed out by Steffen Klassert Changes from v1: - Fixed typo in patch description pointed out by Alexander Gilad Ben-Yossef (2): IPsec: do not ignore crypto err in ah4 input IPsec: do not ignore crypto err in ah6 input net/ipv4/ah4.c | 3 +++ net/ipv6/ah6.c | 3 +++ 2 files changed, 6 insertions(+) -- 2.1.4