Re: [2.6 patch] crypto/aes.c: array overrun

From: Herbert Xu
Date: Fri Mar 10 2006 - 21:39:51 EST

Next message: Herbert Xu: "Re: [2.6 patch] net/decnet/dn_route.c: fix inconsequent NULL checking"
Previous message: Greg Scott: "RE: Router stops routing after changing MAC Address"
In reply to: Adrian Bunk: "[2.6 patch] crypto/aes.c: array overrun"
Next in thread: Pavel Machek: "Re: [2.6 patch] crypto/aes.c: array overrun"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Mar 11, 2006 at 02:03:39AM +0100, Adrian Bunk wrote:
>
> ...
> #define loop8(i) \

...

> t ^= E_KEY[8 * i + 7]; E_KEY[8 * i + 15] = t; \
> }
>
> static int
> aes_set_key(void *ctx_arg, const u8 *in_key, unsigned int key_len, u32 *flags)
> {
> ...
> case 32:
> ...
> for (i = 0; i < 7; ++i)
> loop8 (i);

OK this is not pretty but it is actually correct. Notice how we only
overstep the mark for E_KEY but never for D_KEY. Since D_KEY is only
initialised after this, it is OK for us to trash the start of D_KEY.

It's just a trick that makes the code slightly nicer (and no I didn't
write this nor am I necessarily condoning it :)

Thanks for reporting this though.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Herbert Xu: "Re: [2.6 patch] net/decnet/dn_route.c: fix inconsequent NULL checking"
Previous message: Greg Scott: "RE: Router stops routing after changing MAC Address"
In reply to: Adrian Bunk: "[2.6 patch] crypto/aes.c: array overrun"
Next in thread: Pavel Machek: "Re: [2.6 patch] crypto/aes.c: array overrun"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]