1 From stable-bounces@linux.kernel.org Fri Sep 28 15:53:04 2007
2 From: Michal Schmidt <mschmidt@redhat.com>
3 Date: Fri, 28 Sep 2007 15:52:46 -0700 (PDT)
4 Subject: Fix ppp_mppe kernel stack usage.
5 To: stable@kernel.org
6 Cc: bunk@kernel.org
7 Message-ID: <20070928.155246.57176640.davem@davemloft.net>
8
9 From: Michal Schmidt <mschmidt@redhat.com>
10
11 commit 45dfd5b5dd20f17fe23dafc5cfe921474d27f849 from upstream
12
13 Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
14 Signed-off-by: David S. Miller <davem@davemloft.net>
15 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16
17 ---
18 drivers/net/ppp_mppe.c | 14 ++++++--------
19 1 file changed, 6 insertions(+), 8 deletions(-)
20
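--- a/drivers/net/ppp_mppe.c
+++ b/drivers/net/ppp_mppe.c
@@ -136,7 +136,7 @@ struct ppp_mppe_state {
 * Key Derivation, from RFC 3078, RFC 3079.
 * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
 */
-static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *InterimKey)
+static void get_new_key_from_sha(struct ppp_mppe_state * state)
 {
 struct hash_desc desc;
 struct scatterlist sg[4];
@@ -153,8 +153,6 @@ static void get_new_key_from_sha(struct
 desc.flags = 0;
 
 crypto_hash_digest(&desc, sg, nbytes, state->sha1_digest);
-
- memcpy(InterimKey, state->sha1_digest, state->keylen);
 }
 
 /*
@@ -163,21 +161,21 @@ static void get_new_key_from_sha(struct
 */
 static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
 {
- unsigned char InterimKey[MPPE_MAX_KEY_LEN];
 struct scatterlist sg_in[1], sg_out[1];
 struct blkcipher_desc desc = { .tfm = state->arc4 };
 
- get_new_key_from_sha(state, InterimKey);
+ get_new_key_from_sha(state);
 if (!initial_key) {
- crypto_blkcipher_setkey(state->arc4, InterimKey, state->keylen);
- setup_sg(sg_in, InterimKey, state->keylen);
+ crypto_blkcipher_setkey(state->arc4, state->sha1_digest,
+ state->keylen);
+ setup_sg(sg_in, state->sha1_digest, state->keylen);
 setup_sg(sg_out, state->session_key, state->keylen);
 if (crypto_blkcipher_encrypt(&desc, sg_out, sg_in,
 state->keylen) != 0) {
 printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n");
 }
 } else {
- memcpy(state->session_key, InterimKey, state->keylen);
+ memcpy(state->session_key, state->sha1_digest, state->keylen);
 }
 if (state->keylen == 8) {
 /* See RFC 3078 */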
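Review bot: The return value of `crypto_blkcipher_setkey()` on the added lines in `mppe_rekey` is discarded, so if keying fails the following `crypto_blkcipher_encrypt()` presumably runs under whatever key `state->arc4` held before, and `state->session_key` is overwritten with output derived from the wrong key without any log line. Check it the same way the encrypt call is checked, e.g. `if (crypto_blkcipher_setkey(state->arc4, state->sha1_digest, state->keylen) != 0)` followed by `printk(KERN_WARNING "mppe_rekey: setkey failed\n");`. With the `MPPE_MAX_KEY_LEN`-sized stack copy gone, the reads of `state->keylen` bytes now depend on `state->sha1_digest` being at least that long and on it being memory that may back a scatterlist; its allocation is outside this patch, so both are worth confirming. The body of `mppe_rekey` continues past the end of the hunk.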