Files
linux-stable-mirror/crypto
Taeyang Lee b0a9609283 crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec
[ Upstream commit 2397e92646 ]

authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than
the minimum expected length, crypto_authenc_esn_decrypt() can advance past
the end of the destination scatterlist and trigger a NULL pointer dereference
in scatterwalk_map_and_copy(), leading to a kernel panic (DoS).

Add a minimum AAD length check to fail fast on invalid inputs.

Fixes: 104880a6b4 ("crypto: authencesn - Convert to new AEAD interface")
Reported-By: Taeyang Lee <0wn@theori.io>
Signed-off-by: Taeyang Lee <0wn@theori.io>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2026-01-30 10:27:34 +01:00
..
2023-06-23 16:15:36 +08:00
2023-05-24 18:12:33 +08:00
2023-06-16 20:30:35 +08:00
2023-06-27 15:40:24 +08:00
2023-02-14 13:39:33 +08:00
2022-12-02 18:12:40 +08:00
2022-12-02 18:12:40 +08:00
2024-10-04 16:28:49 +02:00