Bug#782561: please backport commit ccfe8c3f7e52 from upstream

To: submit@bugs.debian.org
Subject: Bug#782561: please backport commit ccfe8c3f7e52 from upstream
From: Romain Francoise <rfrancoise@debian.org>
Date: Tue, 14 Apr 2015 10:44:22 +0200
Message-id: <[🔎] 87k2xf14m1.fsf@orebokech.com>
Reply-to: Romain Francoise <rfrancoise@debian.org>, 782561@bugs.debian.org

Package: src:linux
Version: 3.16.7-ckt7-1
Severity: wishlist

Using the rfc4106 IPsec implementation provided by the aesni_intel
module results in occasional crashes on an busy gateway. This was fixed
upstream by commit ccfe8c3f7e52:

| commit ccfe8c3f7e52ae83155cb038753f4c75b774ca8a
| Author: Stephan Mueller <smueller@chronox.de>
| Date:   Thu Mar 12 09:17:51 2015 +0100
|
|     crypto: aesni - fix memory usage in GCM decryption
|
|     The kernel crypto API logic requires the caller to provide the
|     length of (ciphertext || authentication tag) as cryptlen for the
|     AEAD decryption operation. Thus, the cipher implementation must
|     calculate the size of the plaintext output itself and cannot simply use
|     cryptlen.
|
|     The RFC4106 GCM decryption operation tries to overwrite cryptlen memory
|     in req->dst. As the destination buffer for decryption only needs to hold
|     the plaintext memory but cryptlen references the input buffer holding
|     (ciphertext || authentication tag), the assumption of the destination
|     buffer length in RFC4106 GCM operation leads to a too large size. This
|     patch simply uses the already calculated plaintext size.
|
|     In addition, this patch fixes the offset calculation of the AAD buffer
|     pointer: as mentioned before, cryptlen already includes the size of the
|     tag. Thus, the tag does not need to be added. With the addition, the AAD
|     will be written beyond the already allocated buffer.
|
|     Note, this fixes a kernel crash that can be triggered from user space
|     via AF_ALG(aead) -- simply use the libkcapi test application
|     from [1] and update it to use rfc4106-gcm-aes.
|
|     Using [1], the changes were tested using CAVS vectors to demonstrate
|     that the crypto operation still delivers the right results.
|
|     [1] http://www.chronox.de/libkcapi.html
|
|     CC: Tadeusz Struk <tadeusz.struk@intel.com>
|     Cc: stable@vger.kernel.org
|     Signed-off-by: Stephan Mueller <smueller@chronox.de>
|     Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

This fix is already queued for 3.16.7-ckt10, but it'd be great if you
could include it in jessie ASAP.

Thanks,
-- 
Romain Francoise <rfrancoise@debian.org>
http://people.debian.org/~rfrancoise/

Reply to:

Follow-Ups:
- Bug#782561: please backport commit ccfe8c3f7e52 from upstream
  - From: Ben Hutchings <ben@decadent.org.uk>
- Processed: Re: please backport commit ccfe8c3f7e52 from upstream
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#782561: marked as done (Buffer overruns in Linux kernel RFC4106 implementation using AESNI (CVE-2015-3331))
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#782561: marked as done (Buffer overruns in Linux kernel RFC4106 implementation using AESNI (CVE-2015-3331))
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#782515: [stable regression] tcp: make connect() mem charging friendly
Next by Date: Processed: severity of 782561 is important, tagging 782561
Previous by thread: Bug#782515: [stable regression] tcp: make connect() mem charging friendly
Next by thread: Bug#782561: please backport commit ccfe8c3f7e52 from upstream
Index(es):
- Date
- Thread