From: Taeyang Lee <0wn@theori.io> Date: Fri, 16 Jan 2026 07:03:58 +0000 (+0900) Subject: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec X-Git-Tag: v6.6.122~121 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b0a9609283a5c852addb513dafa655c61eebc1ef;p=thirdparty%2Fkernel%2Fstable.git crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec [ Upstream commit 2397e9264676be7794f8f7f1e9763d90bd3c7335 ] authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a minimum AAD length check to fail fast on invalid inputs. Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD interface") Reported-By: Taeyang Lee <0wn@theori.io> Signed-off-by: Taeyang Lee <0wn@theori.io> Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin --- diff --git a/crypto/authencesn.c b/crypto/authencesn.c index 91424e791d5c7..29ff3a0e86c09 100644 --- a/crypto/authencesn.c +++ b/crypto/authencesn.c @@ -189,6 +189,9 @@ static int crypto_authenc_esn_encrypt(struct aead_request *req) struct scatterlist *src, *dst; int err; + if (assoclen < 8) + return -EINVAL; + sg_init_table(areq_ctx->src, 2); src = scatterwalk_ffwd(areq_ctx->src, req->src, assoclen); dst = src; @@ -281,6 +284,9 @@ static int crypto_authenc_esn_decrypt(struct aead_request *req) u32 tmp[2]; int err; + if (assoclen < 8) + return -EINVAL; + cryptlen -= authsize; if (req->src != dst) {