netdev
[Top] [All Lists]

[CRYPTO] Fix stack overrun in crypt()

To: "David S. Miller" <davem@xxxxxxxxxx>
Subject: [CRYPTO] Fix stack overrun in crypt()
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 15 Jul 2004 21:48:40 +1000
Cc: James Morris <jmorris@xxxxxxxxxx>, netdev@xxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040523i
Hi:

The stack allocation in crypt() is bogus as whether tmp_src/tmp_dst
is used is determined by factors unrelated to nbytes and
src->length/dst->length.

Since the condition for whether tmp_src/tmp_dst are used is very
complex, let's allocate them always instead of guessing.

This fixes a number of weird crashes including those AES crashes
that people have been seeing with the 2.4 backport + ipt_conntrack.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

PS I think someone should double-check the logic in the scatterwalk
stuff, especially the whichbuf bits.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Attachment: p
Description: Text document

<Prev in Thread] Current Thread [Next in Thread>