crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec

authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than
the minimum expected length, crypto_authenc_esn_decrypt() can advance past
the end of the destination scatterlist and trigger a NULL pointer dereference
in scatterwalk_map_and_copy(), leading to a kernel panic (DoS).

Add a minimum AAD length check to fail fast on invalid inputs.

Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD interface")
Reported-By: Taeyang Lee <0wn@theori.io>
Signed-off-by: Taeyang Lee <0wn@theori.io>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/authencesn.c b/crypto/authencesn.c
index d1bf0fda3f2ef6b56c3691e1390130a7ac27b974..542a978663b9e7230cbe6546507579e0782b5d37 100644 (file)
--- a/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -169,6 +169,9 @@ static int crypto_authenc_esn_encrypt(struct aead_request *req)
        struct scatterlist *src, *dst;
        int err;
 
+       if (assoclen < 8)
+               return -EINVAL;
+
        sg_init_table(areq_ctx->src, 2);
        src = scatterwalk_ffwd(areq_ctx->src, req->src, assoclen);
        dst = src;
@@ -256,6 +259,9 @@ static int crypto_authenc_esn_decrypt(struct aead_request *req)
        u32 tmp[2];
        int err;
 
+       if (assoclen < 8)
+               return -EINVAL;
+
        cryptlen -= authsize;
 
        if (req->src != dst)