crypto: lrw - Fix out-of bounds access on counter overflow

When the LRW block counter overflows, the current implementation returns 128 as the index to the precomputed multiplication table, which has 128 entries. This patch fixes it to return the correct value (127). Fixes: 64470f1b8510 ("[CRYPTO] lrw: Liskov Rivest Wagner, a tweakable narrow block cipher mode") Cc: <stable@vger.kernel.org> # 2.6.20+ Reported-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Ondrej Mosnacek <omosnace@redhat.com> 2018-09-13 10:51:31 +0200
committer: Herbert Xu <herbert@gondor.apana.org.au> 2018-09-21 13:24:51 +0800
commit: fbe1a850b3b1522e9fc22319ccbbcd2ab05328d2 (patch)
tree: 7e126126eafb2856eb49c54a2bb2e79ccc39e559 /crypto
parent: 331351f89c36bf7d03561a28b6f64fa10a9f6f3a (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/crypto/lrw.c b/crypto/lrw.c
index 393a782679c7..5504d1325a56 100644
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -143,7 +143,12 @@ static inline int get_index128(be128 *block)
 		return x + ffz(val);
 	}
 
-	return x;
+	/*
+	 * If we get here, then x == 128 and we are incrementing the counter
+	 * from all ones to all zeros. This means we must return index 127, i.e.
+	 * the one corresponding to key2*{ 1,...,1 }.
+	 */
+	return 127;
 }
 
 static int post_crypt(struct skcipher_request *req)
author	Ondrej Mosnacek <omosnace@redhat.com>	2018-09-13 10:51:31 +0200
committer	Herbert Xu <herbert@gondor.apana.org.au>	2018-09-21 13:24:51 +0800
commit	fbe1a850b3b1522e9fc22319ccbbcd2ab05328d2 (patch)
tree	7e126126eafb2856eb49c54a2bb2e79ccc39e559 /crypto
parent	331351f89c36bf7d03561a28b6f64fa10a9f6f3a (diff)