mirror of
https://github.com/opnsense/src.git
synced 2026-02-20 00:11:07 -05:00
Given a partial block at the end of a payload, aes_encrypt_icm() would
perform a 16-byte load of the residual into a temporary variable. This
is unsafe in principle since the full block may cross a page boundary.
Fix the problem by copying the residual into a stack buffer first.
Reported by: syzbot+b7e44cde9e2e89f0f6c9@syzkaller.appspotmail.com
Reported by: syzbot+4b5eaf123a99456b5160@syzkaller.appspotmail.com
Reported by: syzbot+70c74c1aa232633355ca@syzkaller.appspotmail.com
Reported by: syzbot+2c663776a52828373d41@syzkaller.appspotmail.com
Reviewed by: cem, jhb
Sponsored by: The FreeBSD Foundation
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| aesni | ||
| armv8 | ||
| blake2 | ||
| blowfish | ||
| camellia | ||
| ccp | ||
| chacha20 | ||
| des | ||
| libsodium | ||
| rc4 | ||
| rijndael | ||
| sha2 | ||
| siphash | ||
| skein | ||
| via | ||
| intake.h | ||
| sha1.c | ||
| sha1.h | ||