crypto: CVE-2017-18075

crypto: pcrypt - fix freeing pcrypt instances

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-18075
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=7156c794b8ab462705e6ac80c5fa69565eb44c62

Change-Id: I677805222830347c537d4400c6c78f4ff7783c0d
Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>

1 files changed, 84 insertions, 0 deletions

diff --git a/patches/cve/CVE-2017-18075-crypto-pcrypt-fix-freeing-pcrypt-instances.patch b/patches/cve/CVE-2017-18075-crypto-pcrypt-fix-freeing-pcrypt-instances.patch
new file mode 100644
index 0000000..f842da8
--- /dev/null
+++ b/patches/cve/CVE-2017-18075-crypto-pcrypt-fix-freeing-pcrypt-instances.patch
@@ -0,0 +1,84 @@
+From 7156c794b8ab462705e6ac80c5fa69565eb44c62 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Wed, 20 Dec 2017 14:28:25 -0800
+Subject: [PATCH] crypto: pcrypt - fix freeing pcrypt instances
+
+commit d76c68109f37cb85b243a1cf0f40313afd2bae68 upstream.
+
+pcrypt is using the old way of freeing instances, where the ->free()
+method specified in the 'struct crypto_template' is passed a pointer to
+the 'struct crypto_instance'.  But the crypto_instance is being
+kfree()'d directly, which is incorrect because the memory was actually
+allocated as an aead_instance, which contains the crypto_instance at a
+nonzero offset.  Thus, the wrong pointer was being kfree()'d.
+
+Fix it by switching to the new way to free aead_instance's where the
+->free() method is specified in the aead_instance itself.
+
+CVE: CVE-2017-18075
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.14.y&id=7156c794b8ab462705e6ac80c5fa69565eb44c62]
+
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Fixes: 0496f56065e0 ("crypto: pcrypt - Add support for new AEAD interface")
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ crypto/pcrypt.c | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
+index ee9cfb99fe25..f8ec3d4ba4a8 100644
+--- a/crypto/pcrypt.c
++++ b/crypto/pcrypt.c
+@@ -254,6 +254,14 @@ static void pcrypt_aead_exit_tfm(struct crypto_aead *tfm)
+        crypto_free_aead(ctx->child);
+ }
+ 
++static void pcrypt_free(struct aead_instance *inst)
++{
++       struct pcrypt_instance_ctx *ctx = aead_instance_ctx(inst);
++
++       crypto_drop_aead(&ctx->spawn);
++       kfree(inst);
++}
++
+ static int pcrypt_init_instance(struct crypto_instance *inst,
+                                struct crypto_alg *alg)
+ {
+@@ -319,6 +327,8 @@ static int pcrypt_create_aead(struct crypto_template *tmpl, struct rtattr **tb,
+        inst->alg.encrypt = pcrypt_aead_encrypt;
+        inst->alg.decrypt = pcrypt_aead_decrypt;
+ 
++       inst->free = pcrypt_free;
++
+        err = aead_register_instance(tmpl, inst);
+        if (err)
+                goto out_drop_aead;
+@@ -349,14 +359,6 @@ static int pcrypt_create(struct crypto_template *tmpl, struct rtattr **tb)
+        return -EINVAL;
+ }
+ 
+-static void pcrypt_free(struct crypto_instance *inst)
+-{
+-       struct pcrypt_instance_ctx *ctx = crypto_instance_ctx(inst);
+-
+-       crypto_drop_aead(&ctx->spawn);
+-       kfree(inst);
+-}
+-
+ static int pcrypt_cpumask_change_notify(struct notifier_block *self,
+                                        unsigned long val, void *data)
+ {
+@@ -469,7 +471,6 @@ static void pcrypt_fini_padata(struct padata_pcrypt *pcrypt)
+ static struct crypto_template pcrypt_tmpl = {
+        .name = "pcrypt",
+        .create = pcrypt_create,
+-       .free = pcrypt_free,
+        .module = THIS_MODULE,
+ };
+ 
+-- 
+2.20.1
+