crypto: user - fix info leaks in report API

Three errors resulting in kernel memory disclosure:

1/ The structures used for the netlink based crypto algorithm report API
are located on the stack. As snprintf() does not fill the remainder of
the buffer with null bytes, those stack bytes will be disclosed to users
of the API. Switch to strncpy() to fix this.

2/ crypto_report_one() does not initialize all field of struct
crypto_user_alg. Fix this to fix the heap info leak.

3/ For the module name we should copy only as many bytes as
module_name() returns -- not as much as the destination buffer could
hold. But the current code does not and therefore copies random data
from behind the end of the module name, as the module name is always
shorter than CRYPTO_MAX_ALG_NAME.

Also switch to use strncpy() to copy the algorithm's name and
driver_name. They are strings, after all.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index 533de9550a8292faa59f9ad1e68348d00585f3f4..7d4a8d28277e181386981dcef2d73ec377aefe9a 100644 (file)
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -388,9 +388,9 @@ static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
 {
        struct crypto_report_blkcipher rblkcipher;
 
-       snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "ablkcipher");
-       snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s",
-                alg->cra_ablkcipher.geniv ?: "<default>");
+       strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type));
+       strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>",
+               sizeof(rblkcipher.geniv));
 
        rblkcipher.blocksize = alg->cra_blocksize;
        rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;
@@ -469,9 +469,9 @@ static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
 {
        struct crypto_report_blkcipher rblkcipher;
 
-       snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "givcipher");
-       snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s",
-                alg->cra_ablkcipher.geniv ?: "<built-in>");
+       strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type));
+       strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>",
+               sizeof(rblkcipher.geniv));
 
        rblkcipher.blocksize = alg->cra_blocksize;
        rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;

diff --git a/crypto/aead.c b/crypto/aead.c
index 4d04e12ffde837c17a7677d8ef1ab05bf26f3588..547491e35c63733f15ccb4697cf83109128125aa 100644 (file)
--- a/crypto/aead.c
+++ b/crypto/aead.c
@@ -117,9 +117,8 @@ static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg)
        struct crypto_report_aead raead;
        struct aead_alg *aead = &alg->cra_aead;
 
-       snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "aead");
-       snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s",
-                aead->geniv ?: "<built-in>");
+       strncpy(raead.type, "aead", sizeof(raead.type));
+       strncpy(raead.geniv, aead->geniv ?: "<built-in>", sizeof(raead.geniv));
 
        raead.blocksize = alg->cra_blocksize;
        raead.maxauthsize = aead->maxauthsize;
@@ -203,8 +202,8 @@ static int crypto_nivaead_report(struct sk_buff *skb, struct crypto_alg *alg)
        struct crypto_report_aead raead;
        struct aead_alg *aead = &alg->cra_aead;
 
-       snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "nivaead");
-       snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s", aead->geniv);
+       strncpy(raead.type, "nivaead", sizeof(raead.type));
+       strncpy(raead.geniv, aead->geniv, sizeof(raead.geniv));
 
        raead.blocksize = alg->cra_blocksize;
        raead.maxauthsize = aead->maxauthsize;

diff --git a/crypto/ahash.c b/crypto/ahash.c
index 3887856c2dd68490736eb17bca5d01eae9837aa0..793a27f2493e5287c1275df40feaca7b7b14c87e 100644 (file)
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -404,7 +404,7 @@ static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg)
 {
        struct crypto_report_hash rhash;
 
-       snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, "%s", "ahash");
+       strncpy(rhash.type, "ahash", sizeof(rhash.type));
 
        rhash.blocksize = alg->cra_blocksize;
        rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize;

diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index e9e7244d5ef5bc4de642228d26933d97e75a8397..a79e7e9ab86e890d7eed95f3038b4424323a70f5 100644 (file)
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -499,9 +499,9 @@ static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
 {
        struct crypto_report_blkcipher rblkcipher;
 
-       snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "blkcipher");
-       snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s",
-                alg->cra_blkcipher.geniv ?: "<default>");
+       strncpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type));
+       strncpy(rblkcipher.geniv, alg->cra_blkcipher.geniv ?: "<default>",
+               sizeof(rblkcipher.geniv));
 
        rblkcipher.blocksize = alg->cra_blocksize;
        rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize;

diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index 35d700a97d79bc926de0b599041e59e7e07c0721..f6d9baf77f0a41b76b0fc39aebf26365a1284bca 100644 (file)
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -75,7 +75,7 @@ static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg)
 {
        struct crypto_report_cipher rcipher;
 
-       snprintf(rcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "cipher");
+       strncpy(rcipher.type, "cipher", sizeof(rcipher.type));
 
        rcipher.blocksize = alg->cra_blocksize;
        rcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
@@ -94,8 +94,7 @@ static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg)
 {
        struct crypto_report_comp rcomp;
 
-       snprintf(rcomp.type, CRYPTO_MAX_ALG_NAME, "%s", "compression");
-
+       strncpy(rcomp.type, "compression", sizeof(rcomp.type));
        if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS,
                    sizeof(struct crypto_report_comp), &rcomp))
                goto nla_put_failure;
@@ -108,12 +107,14 @@ nla_put_failure:
 static int crypto_report_one(struct crypto_alg *alg,
                             struct crypto_user_alg *ualg, struct sk_buff *skb)
 {
-       memcpy(&ualg->cru_name, &alg->cra_name, sizeof(ualg->cru_name));
-       memcpy(&ualg->cru_driver_name, &alg->cra_driver_name,
-              sizeof(ualg->cru_driver_name));
-       memcpy(&ualg->cru_module_name, module_name(alg->cra_module),
-              CRYPTO_MAX_ALG_NAME);
-
+       strncpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name));
+       strncpy(ualg->cru_driver_name, alg->cra_driver_name,
+               sizeof(ualg->cru_driver_name));
+       strncpy(ualg->cru_module_name, module_name(alg->cra_module),
+               sizeof(ualg->cru_module_name));
+
+       ualg->cru_type = 0;
+       ualg->cru_mask = 0;
        ualg->cru_flags = alg->cra_flags;
        ualg->cru_refcnt = atomic_read(&alg->cra_refcnt);
 
@@ -122,8 +123,7 @@ static int crypto_report_one(struct crypto_alg *alg,
        if (alg->cra_flags & CRYPTO_ALG_LARVAL) {
                struct crypto_report_larval rl;
 
-               snprintf(rl.type, CRYPTO_MAX_ALG_NAME, "%s", "larval");
-
+               strncpy(rl.type, "larval", sizeof(rl.type));
                if (nla_put(skb, CRYPTOCFGA_REPORT_LARVAL,
                            sizeof(struct crypto_report_larval), &rl))
                        goto nla_put_failure;

diff --git a/crypto/pcompress.c b/crypto/pcompress.c
index 04e083ff5373528ae4cb19263cb340461827df16..7140fe70c7af04b2f544839b734de9aa5c461533 100644 (file)
--- a/crypto/pcompress.c
+++ b/crypto/pcompress.c
@@ -53,8 +53,7 @@ static int crypto_pcomp_report(struct sk_buff *skb, struct crypto_alg *alg)
 {
        struct crypto_report_comp rpcomp;
 
-       snprintf(rpcomp.type, CRYPTO_MAX_ALG_NAME, "%s", "pcomp");
-
+       strncpy(rpcomp.type, "pcomp", sizeof(rpcomp.type));
        if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS,
                    sizeof(struct crypto_report_comp), &rpcomp))
                goto nla_put_failure;

diff --git a/crypto/rng.c b/crypto/rng.c
index f3b7894dec00ee5207642f7ff95cbf8ef6aaeb2f..e0a25c2456de4f7f92fa4ac1cc4daf9c48b5b209 100644 (file)
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -65,7 +65,7 @@ static int crypto_rng_report(struct sk_buff *skb, struct crypto_alg *alg)
 {
        struct crypto_report_rng rrng;
 
-       snprintf(rrng.type, CRYPTO_MAX_ALG_NAME, "%s", "rng");
+       strncpy(rrng.type, "rng", sizeof(rrng.type));
 
        rrng.seedsize = alg->cra_rng.seedsize;
 

diff --git a/crypto/shash.c b/crypto/shash.c
index f426330f101755493a529d4dd8f9bcd900b51f73..929058a68561264c389719e26a3d22704bbbe18e 100644 (file)
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -530,7 +530,8 @@ static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg)
        struct crypto_report_hash rhash;
        struct shash_alg *salg = __crypto_shash_alg(alg);
 
-       snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, "%s", "shash");
+       strncpy(rhash.type, "shash", sizeof(rhash.type));
+
        rhash.blocksize = alg->cra_blocksize;
        rhash.digestsize = salg->digestsize;