3.18-stable patches

added patches:
	crypto-cts-fix-crash-on-short-inputs.patch

diff --git a/queue-3.18/crypto-cts-fix-crash-on-short-inputs.patch b/queue-3.18/crypto-cts-fix-crash-on-short-inputs.patch
new file mode 100644 (file)
index 0000000..64a9891
--- /dev/null
+++ b/queue-3.18/crypto-cts-fix-crash-on-short-inputs.patch
@@ -0,0 +1,58 @@
+From ebiggers@kernel.org  Tue Jan 15 09:11:00 2019
+From: Eric Biggers <ebiggers@kernel.org>
+Date: Mon, 14 Jan 2019 15:21:45 -0800
+Subject: crypto: cts - fix crash on short inputs
+To: stable@vger.kernel.org, Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: linux-crypto@vger.kernel.org
+Message-ID: <20190114232145.205845-1-ebiggers@kernel.org>
+
+
+From: Eric Biggers <ebiggers@google.com>
+
+[It's a minimal fix for a bug that was fixed incidentally by a large
+refactoring in v4.8.]
+
+In the CTS template, when the input length is <= one block cipher block
+(e.g. <= 16 bytes for AES) pass the correct length to the underlying CBC
+transform rather than one block.  This matches the upstream behavior and
+makes the encryption/decryption operation correctly return -EINVAL when
+1 <= nbytes < bsize or succeed when nbytes == 0, rather than crashing.
+
+This was fixed upstream incidentally by a large refactoring,
+commit 0605c41cc53c ("crypto: cts - Convert to skcipher").  But
+syzkaller easily trips over this when running on older kernels, as it's
+easily reachable via AF_ALG.  Therefore, this patch makes the minimal
+fix for older kernels.
+
+Cc: linux-crypto@vger.kernel.org
+Fixes: 76cb9521795a ("[CRYPTO] cts: Add CTS mode required for Kerberos AES support")
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/cts.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/crypto/cts.c
++++ b/crypto/cts.c
+@@ -137,8 +137,8 @@ static int crypto_cts_encrypt(struct blk
+       lcldesc.info = desc->info;
+       lcldesc.flags = desc->flags;
+ 
+-      if (tot_blocks == 1) {
+-              err = crypto_blkcipher_encrypt_iv(&lcldesc, dst, src, bsize);
++      if (tot_blocks <= 1) {
++              err = crypto_blkcipher_encrypt_iv(&lcldesc, dst, src, nbytes);
+       } else if (nbytes <= bsize * 2) {
+               err = cts_cbc_encrypt(ctx, desc, dst, src, 0, nbytes);
+       } else {
+@@ -232,8 +232,8 @@ static int crypto_cts_decrypt(struct blk
+       lcldesc.info = desc->info;
+       lcldesc.flags = desc->flags;
+ 
+-      if (tot_blocks == 1) {
+-              err = crypto_blkcipher_decrypt_iv(&lcldesc, dst, src, bsize);
++      if (tot_blocks <= 1) {
++              err = crypto_blkcipher_decrypt_iv(&lcldesc, dst, src, nbytes);
+       } else if (nbytes <= bsize * 2) {
+               err = cts_cbc_decrypt(ctx, desc, dst, src, 0, nbytes);
+       } else {

diff --git a/queue-3.18/series b/queue-3.18/series
index 3dbd657c2f076adf7267ff69d57535a449703ed6..47a09b88853b363ee0ca8ba55b199244544b5aad 100644 (file)
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -7,3 +7,4 @@ usb-storage-add-quirk-for-smi-sm3350.patch
 slab-alien-caches-must-not-be-initialized-if-the-allocation-of-the-alien-cache-failed.patch
 acpi-power-skip-duplicate-power-resource-references-in-_prx.patch
 i2c-dev-prevent-adapter-retries-and-timeout-being-set-as-minus-value.patch
+crypto-cts-fix-crash-on-short-inputs.patch