crypto: ecdh - avoid buffer overflow in ecdh_set_secret()

commit 0aa171e9b2 upstream. Pavel reports that commit 17858b140b ("crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()") fixes one problem but introduces another: the unconditional memcpy() introduced by that commit may overflow the target buffer if the source data is invalid, which could be the result of intentional tampering. So check params.key_size explicitly against the size of the target buffer before validating the key further. Fixes: 17858b140b ("crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()") Reported-by: Pavel Machek <pavel@denx.de> Cc: <stable@vger.kernel.org> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-01-02 14:59:09 +01:00 · 2021-01-02 14:59:09 +01:00 · ff7397add9
parent 9e60056b1f
commit ff7397add9
1 changed files with 2 additions and 1 deletions
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@ -39,7 +39,8 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
 	struct ecdh params;
 	unsigned int ndigits;

-	if (crypto_ecdh_decode_key(buf, len, &params) < 0)
+	if (crypto_ecdh_decode_key(buf, len, &params) < 0 ||
+	    params.key_size > sizeof(ctx->private_key))
 		return -EINVAL;

 	ndigits = ecdh_supported_curve(params.curve_id);