Commit 37db69e0 authored by Eric Biggers's avatar Eric Biggers Committed by Herbert Xu
Browse files

crypto: user - clean up report structure copying 

There have been a pretty ridiculous number of issues with initializing
the report structures that are copied to userspace by NETLINK_CRYPTO.
Commit 4473710d ("crypto: user - Prepare for CRYPTO_MAX_ALG_NAME
expansion") replaced some strncpy()s with strlcpy()s, thereby
introducing information leaks.  Later two other people tried to replace
other strncpy()s with strlcpy() too, which would have introduced even
more information leaks:

    - https://lore.kernel.org/patchwork/patch/954991/
    - https://patchwork.kernel.org/patch/10434351/



Commit cac5818c ("crypto: user - Implement a generic crypto
statistics") also uses the buggy strlcpy() approach and therefore leaks
uninitialized memory to userspace.  A fix was proposed, but it was
originally incomplete.

Seeing as how apparently no one can get this right with the current
approach, change all the reporting functions to:

- Start by memsetting the report structure to 0.  This guarantees it's
  always initialized, regardless of what happens later.
- Initialize all strings using strscpy().  This is safe after the
  memset, ensures null termination of long strings, avoids unnecessary
  work, and avoids the -Wstringop-truncation warnings from gcc.
- Use sizeof(var) instead of sizeof(type).  This is more robust against
  copy+paste errors.

For simplicity, also reuse the -EMSGSIZE return value from nla_put().

Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent ed848b65

crypto/ablkcipher.c

+12 −20
Original line number Diff line number Diff line
@@ -365,23 +365,19 @@ static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) 
{

	struct crypto_report_blkcipher rblkcipher;



	strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type));

	strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>",

	memset(&rblkcipher, 0, sizeof(rblkcipher));



	strscpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type));

	strscpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>",

		sizeof(rblkcipher.geniv));

	rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0';



	rblkcipher.blocksize = alg->cra_blocksize;

	rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;

	rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize;

	rblkcipher.ivsize = alg->cra_ablkcipher.ivsize;



	if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,

		    sizeof(struct crypto_report_blkcipher), &rblkcipher))

		goto nla_put_failure;

	return 0;



nla_put_failure:

	return -EMSGSIZE;

	return nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,

		       sizeof(rblkcipher), &rblkcipher);

}

#else

static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
@@ -440,23 +436,19 @@ static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg) 
{

	struct crypto_report_blkcipher rblkcipher;



	strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type));

	strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>",

	memset(&rblkcipher, 0, sizeof(rblkcipher));



	strscpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type));

	strscpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>",

		sizeof(rblkcipher.geniv));

	rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0';



	rblkcipher.blocksize = alg->cra_blocksize;

	rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;

	rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize;

	rblkcipher.ivsize = alg->cra_ablkcipher.ivsize;



	if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,

		    sizeof(struct crypto_report_blkcipher), &rblkcipher))

		goto nla_put_failure;

	return 0;



nla_put_failure:

	return -EMSGSIZE;

	return nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,

		       sizeof(rblkcipher), &rblkcipher);

}

#else

static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg)

crypto/acompress.c

+3 −7
Original line number Diff line number Diff line
@@ -33,15 +33,11 @@ static int crypto_acomp_report(struct sk_buff *skb, struct crypto_alg *alg) 
{

	struct crypto_report_acomp racomp;



	strncpy(racomp.type, "acomp", sizeof(racomp.type));

	memset(&racomp, 0, sizeof(racomp));



	if (nla_put(skb, CRYPTOCFGA_REPORT_ACOMP,

		    sizeof(struct crypto_report_acomp), &racomp))

		goto nla_put_failure;

	return 0;

	strscpy(racomp.type, "acomp", sizeof(racomp.type));



nla_put_failure:

	return -EMSGSIZE;

	return nla_put(skb, CRYPTOCFGA_REPORT_ACOMP, sizeof(racomp), &racomp);

}

#else

static int crypto_acomp_report(struct sk_buff *skb, struct crypto_alg *alg)

crypto/aead.c

+5 −9
Original line number Diff line number Diff line
@@ -119,20 +119,16 @@ static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) 
	struct crypto_report_aead raead;

	struct aead_alg *aead = container_of(alg, struct aead_alg, base);



	strncpy(raead.type, "aead", sizeof(raead.type));

	strncpy(raead.geniv, "<none>", sizeof(raead.geniv));

	memset(&raead, 0, sizeof(raead));



	strscpy(raead.type, "aead", sizeof(raead.type));

	strscpy(raead.geniv, "<none>", sizeof(raead.geniv));



	raead.blocksize = alg->cra_blocksize;

	raead.maxauthsize = aead->maxauthsize;

	raead.ivsize = aead->ivsize;



	if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD,

		    sizeof(struct crypto_report_aead), &raead))

		goto nla_put_failure;

	return 0;



nla_put_failure:

	return -EMSGSIZE;

	return nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(raead), &raead);

}

#else

static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg)

crypto/ahash.c

+4 −8
Original line number Diff line number Diff line
@@ -498,18 +498,14 @@ static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg) 
{

	struct crypto_report_hash rhash;



	strncpy(rhash.type, "ahash", sizeof(rhash.type));

	memset(&rhash, 0, sizeof(rhash));



	strscpy(rhash.type, "ahash", sizeof(rhash.type));



	rhash.blocksize = alg->cra_blocksize;

	rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize;



	if (nla_put(skb, CRYPTOCFGA_REPORT_HASH,

		    sizeof(struct crypto_report_hash), &rhash))

		goto nla_put_failure;

	return 0;



nla_put_failure:

	return -EMSGSIZE;

	return nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(rhash), &rhash);

}

#else

static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg)

crypto/akcipher.c

+4 −7
Original line number Diff line number Diff line
@@ -30,15 +30,12 @@ static int crypto_akcipher_report(struct sk_buff *skb, struct crypto_alg *alg) 
{

	struct crypto_report_akcipher rakcipher;



	strncpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));

	memset(&rakcipher, 0, sizeof(rakcipher));



	if (nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER,

		    sizeof(struct crypto_report_akcipher), &rakcipher))

		goto nla_put_failure;

	return 0;

	strscpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));



nla_put_failure:

	return -EMSGSIZE;

	return nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER,

		       sizeof(rakcipher), &rakcipher);

}

#else

static int crypto_akcipher_report(struct sk_buff *skb, struct crypto_alg *alg)

CRA Git | Maintained and supported by SUSTech CRA and CCSE