Re: [CRYPTO] Fix stack overrun in crypt()

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [CRYPTO] Fix stack overrun in crypt()
From: James Morris <jmorris@xxxxxxxxxx>
Date: Fri, 16 Jul 2004 11:27:36 -0400 (EDT)
Cc: "David S. Miller" <davem@xxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <20040715114840.GA1325@xxxxxxxxxxxxxxxxxxx>
References: <20040715114840.GA1325@xxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx

On Thu, 15 Jul 2004, Herbert Xu wrote:

> Hi:
> The stack allocation in crypt() is bogus as whether tmp_src/tmp_dst
> is used is determined by factors unrelated to nbytes and
> src->length/dst->length.
> Since the condition for whether tmp_src/tmp_dst are used is very
> complex, let's allocate them always instead of guessing.
> This fixes a number of weird crashes including those AES crashes
> that people have been seeing with the 2.4 backport + ipt_conntrack.

Ok, thanks, looks good.

> PS I think someone should double-check the logic in the scatterwalk
> stuff, especially the whichbuf bits.

Adam Richter rewrote that code, and I have walked through it before (I 
guess Dave did too).  Any more code reviewers welcome.

- James
James Morris
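
Added example, not part of the original mail and not the kernel's code: a simplified C model of the mismatch described in the quoted report, where the scratch buffer is sized from nbytes and the entry length but is used under an unrelated condition. The page-crossing rule, `struct seg`, all function names and the sample input are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define PAGE_SZ 4096u /* assumed page size for this model */

/* Hypothetical stand-in for one scatterlist entry. */
struct seg { unsigned offset, length; };

/* Sizing rule as described in the report: guessed from nbytes and
 * the entry length, zero bytes when the request fits in the entry. */
static size_t guessed_size(unsigned nbytes, const struct seg *s, unsigned bsize)
{
    return nbytes > s->length ? bsize : 0;
}

/* The fix as described: always reserve one full block. */
static size_t fixed_size(unsigned bsize) { return bsize; }

/* Walk nbytes of one entry block by block. Model assumption: only one
 * page is mapped at a time, so a block that does not fit in the rest of
 * the current page is staged in the scratch buffer. Returns the largest
 * number of bytes a staged block would write past a scratch buffer of
 * tmp_size bytes (0 means no overrun). Nothing is actually written. */
static size_t worst_overrun(const struct seg *s, unsigned nbytes,
                            unsigned bsize, size_t tmp_size)
{
    size_t worst = 0;
    unsigned pos = s->offset;

    for (unsigned done = 0; done + bsize <= nbytes; done += bsize, pos += bsize) {
        unsigned left_in_page = PAGE_SZ - (pos % PAGE_SZ);
        int staged = bsize > left_in_page; /* independent of nbytes and length */
        if (staged && bsize > tmp_size && bsize - tmp_size > worst)
            worst = bsize - tmp_size;
    }
    return worst;
}

int main(void)
{
    /* Constructed input: 64 bytes starting 8 bytes before a page boundary. */
    struct seg s = { 4088, 64 };
    unsigned nbytes = 64, bsize = 16;
    size_t g = guessed_size(nbytes, &s, bsize), f = fixed_size(bsize);

    printf("guessed: tmp=%zu overrun=%zu\n", g, worst_overrun(&s, nbytes, bsize, g));
    printf("fixed:   tmp=%zu overrun=%zu\n", f, worst_overrun(&s, nbytes, bsize, f));
    return 0;
}
```
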