Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f709b45e authored by Tom Lendacky's avatar Tom Lendacky Committed by Herbert Xu
Browse files

crypto: ccp - Prevent information leakage on export 



Prevent information from leaking to userspace by doing a memset to 0 of
the export state structure before setting the structure values and copying
it. This prevents un-initialized padding areas from being copied into the
export area.

Cc: <stable@vger.kernel.org> # 3.14.x-
Reported-by: default avatarBen Hutchings <ben@decadent.org.uk>
Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 0851561d

drivers/crypto/ccp/ccp-crypto-aes-cmac.c

+3 −0
Original line number Diff line number Diff line
@@ -225,6 +225,9 @@ static int ccp_aes_cmac_export(struct ahash_request *req, void *out) 
	struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);

	struct ccp_aes_cmac_exp_ctx state;



	/* Don't let anything leak to 'out' */

	memset(&state, 0, sizeof(state));



	state.null_msg = rctx->null_msg;

	memcpy(state.iv, rctx->iv, sizeof(state.iv));

	state.buf_count = rctx->buf_count;

drivers/crypto/ccp/ccp-crypto-sha.c

+3 −0
Original line number Diff line number Diff line
@@ -212,6 +212,9 @@ static int ccp_sha_export(struct ahash_request *req, void *out) 
	struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);

	struct ccp_sha_exp_ctx state;



	/* Don't let anything leak to 'out' */

	memset(&state, 0, sizeof(state));



	state.type = rctx->type;

	state.msg_bits = rctx->msg_bits;

	state.first = rctx->first;