Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

crypto: ccp - Prevent information leakage on export

Prevent information from leaking to userspace by doing a memset to 0 of
the export state structure before setting the structure values and copying
it. This prevents un-initialized padding areas from being copied into the
export area.

Cc: <stable@vger.kernel.org> # 3.14.x-
Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
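
The leak described in the commit message above, modelled in user space as an added example (not code from the commit or the ccp driver). `demo_exp_ctx`, its members and the 0xAA marker are hypothetical, chosen so the struct contains padding and stale bytes are recognisable in the exported buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical export struct, not the driver's: mixed-width members make the
 * compiler insert padding after null_msg and, where uint64_t is 8-byte aligned, after buf_count. */
struct demo_exp_ctx {
    uint8_t  null_msg;
    uint64_t msg_bits;
    uint32_t buf_count;
};
#define STALE 0xAA /* constructed marker standing in for old stack contents */

/* Bytes of the struct that belong to no member. */
size_t padding_bytes(void)
{
    return sizeof(struct demo_exp_ctx) - sizeof(uint8_t) - sizeof(uint64_t) - sizeof(uint32_t);
}

/* Model of an export routine: fill an on-stack state, copy all of it to out.
 * zero_first = 1 applies the memset from the commit, 0 omits it. */
void demo_export(unsigned char *out, int zero_first)
{
    struct demo_exp_ctx state;
    memset(&state, STALE, sizeof(state)); /* simulate leftover stack data */
    if (zero_first)
        memset(&state, 0, sizeof(state));
    state.null_msg = 1;   /* member values chosen to contain no 0xAA byte */
    state.msg_bits = 512;
    state.buf_count = 16;
    memcpy(out, &state, sizeof(state)); /* copies members and padding alike */
}

/* Number of stale marker bytes that reached the exported buffer. */
size_t stale_bytes(const unsigned char *out)
{
    size_t i, n = 0;
    for (i = 0; i < sizeof(struct demo_exp_ctx); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    unsigned char out[sizeof(struct demo_exp_ctx)];
    demo_export(out, 0);
    printf("without memset: %zu stale bytes of %zu padding\n", stale_bytes(out), padding_bytes());
    demo_export(out, 1);
    printf("with memset:    %zu stale bytes\n", stale_bytes(out));
    return 0;
}
```

The count without the memset depends on the compiler, because C leaves padding values unspecified after a member store; it can never exceed `padding_bytes()` here since no member holds the marker value.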

Authored by Tom Lendacky and committed by Herbert Xu
f709b45e 0851561d

+6
+3
drivers/crypto/ccp/ccp-crypto-aes-cmac.c
··· 225 225 struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req); 226 226 struct ccp_aes_cmac_exp_ctx state; 227 227 228 + /* Don't let anything leak to 'out' */ 229 + memset(&state, 0, sizeof(state)); 230 + 228 231 state.null_msg = rctx->null_msg; 229 232 memcpy(state.iv, rctx->iv, sizeof(state.iv)); 230 233 state.buf_count = rctx->buf_count;
+3
drivers/crypto/ccp/ccp-crypto-sha.c
··· 212 212 struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req); 213 213 struct ccp_sha_exp_ctx state; 214 214 215 + /* Don't let anything leak to 'out' */ 216 + memset(&state, 0, sizeof(state)); 217 + 215 218 state.type = rctx->type; 216 219 state.msg_bits = rctx->msg_bits; 217 220 state.first = rctx->first;
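
Review bot: the new comment in drivers/crypto/ccp/ccp-crypto-aes-cmac.c, "Don't let anything leak to 'out'", does not say that the concern is padding inside struct ccp_aes_cmac_exp_ctx, so a later cleanup could plausibly replace the memset with an initializer such as `= {}`, which C does not guarantee will zero padding bytes. Suggest wording it along the lines of "zero the padding before the struct is copied to 'out'" so the reason for using memset stays visible at the call site.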
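
Review bot: in drivers/crypto/ccp/ccp-crypto-sha.c the memset sits correctly ahead of the first assignment (state.type), but the rule it enforces is recorded only inside this function body; nothing attached to struct ccp_sha_exp_ctx tells whoever adds a member or another copy-out path that the object must be fully zeroed first. Since the identical three lines are now repeated in both export paths, consider a comment at the struct definitions, or a small shared helper, so the requirement is stated once.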