564b6aa7fc
Given a partial block at the end of a payload, aes_encrypt_icm() would perform a 16-byte load of the residual into a temporary variable. This is unsafe in principle since the full block may cross a page boundary. Fix the problem by copying the residual into a stack buffer first. Reported by: syzbot+b7e44cde9e2e89f0f6c9@syzkaller.appspotmail.com Reported by: syzbot+4b5eaf123a99456b5160@syzkaller.appspotmail.com Reported by: syzbot+70c74c1aa232633355ca@syzkaller.appspotmail.com Reported by: syzbot+2c663776a52828373d41@syzkaller.appspotmail.com Reviewed by: cem, jhb MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31730 |
||
|---|---|---|
| .. | ||
| aesencdec.h | ||
| aeskeys_amd64.S | ||
| aeskeys_i386.S | ||
| aesni.c | ||
| aesni.h | ||
| aesni_ccm.c | ||
| aesni_ghash.c | ||
| aesni_os.h | ||
| aesni_wrap.c | ||
| intel_sha1.c | ||
| intel_sha256.c | ||
| sha_sse.h | ||