83e33300a2
ASAN complains about: ==8856==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd8a1fe168 at pc 0x561136cb4451 bp 0x7ffd8a1fe130 sp 0x7ffd8a1fd8e0 READ of size 16 at 0x7ffd8a1fe168 thread T0 #0 0x561136cb4450 in __asan_memcpy (/home/elmarco/src/qq/build/tests/test-crypto-ivgen+0x110450) #1 0x561136d2a6a7 in qcrypto_ivgen_essiv_calculate /home/elmarco/src/qq/crypto/ivgen-essiv.c:83:5 #2 0x561136d29af8 in qcrypto_ivgen_calculate /home/elmarco/src/qq/crypto/ivgen.c:72:12 #3 0x561136d07c8e in test_ivgen /home/elmarco/src/qq/tests/test-crypto-ivgen.c:148:5 #4 0x7f77772c3b04 in test_case_run /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2237 #5 0x7f77772c3ec4 in g_test_run_suite_internal /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2321 #6 0x7f77772c3f6d in g_test_run_suite_internal /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2333 #7 0x7f77772c3f6d in g_test_run_suite_internal /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2333 #8 0x7f77772c3f6d in g_test_run_suite_internal /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2333 #9 0x7f77772c4184 in g_test_run_suite /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2408 #10 0x7f77772c2e0d in g_test_run /home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:1674 #11 0x561136d0799b in main /home/elmarco/src/qq/tests/test-crypto-ivgen.c:173:12 #12 0x7f77756e6039 in __libc_start_main (/lib64/libc.so.6+0x21039) #13 0x561136c13d89 in _start (/home/elmarco/src/qq/build/tests/test-crypto-ivgen+0x6fd89) Address 0x7ffd8a1fe168 is located in stack of thread T0 at offset 40 in frame #0 0x561136d2a40f in qcrypto_ivgen_essiv_calculate /home/elmarco/src/qq/crypto/ivgen-essiv.c:76 This frame has 1 object(s): [32, 40) 'sector.addr' <== Memory access at offset 40 overflows this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow (/home/elmarco/src/qq/build/tests/test-crypto-ivgen+0x110450) in __asan_memcpy Shadow bytes around the buggy address: 0x100031437bd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437be0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437bf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437c10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x100031437c20: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00[f3]f3 f3 0x100031437c30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437c40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437c50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437c60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100031437c70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb It looks like the rest of the code copes with ndata being larger than sizeof(sector), so limit the memcpy() range. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <20180104160523.22995-13-marcandre.lureau@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
122 lines
3.5 KiB
C
122 lines
3.5 KiB
C
/*
|
|
* QEMU Crypto block IV generator - essiv
|
|
*
|
|
* Copyright (c) 2015-2016 Red Hat, Inc.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
#include "qemu/osdep.h"
|
|
#include "qapi/error.h"
|
|
#include "qemu/bswap.h"
|
|
#include "crypto/ivgen-essiv.h"
|
|
|
|
typedef struct QCryptoIVGenESSIV QCryptoIVGenESSIV;
|
|
struct QCryptoIVGenESSIV {
|
|
QCryptoCipher *cipher;
|
|
};
|
|
|
|
static int qcrypto_ivgen_essiv_init(QCryptoIVGen *ivgen,
|
|
const uint8_t *key, size_t nkey,
|
|
Error **errp)
|
|
{
|
|
uint8_t *salt;
|
|
size_t nhash;
|
|
size_t nsalt;
|
|
QCryptoIVGenESSIV *essiv = g_new0(QCryptoIVGenESSIV, 1);
|
|
|
|
/* Not necessarily the same as nkey */
|
|
nsalt = qcrypto_cipher_get_key_len(ivgen->cipher);
|
|
|
|
nhash = qcrypto_hash_digest_len(ivgen->hash);
|
|
/* Salt must be larger of hash size or key size */
|
|
salt = g_new0(uint8_t, MAX(nhash, nsalt));
|
|
|
|
if (qcrypto_hash_bytes(ivgen->hash, (const gchar *)key, nkey,
|
|
&salt, &nhash,
|
|
errp) < 0) {
|
|
g_free(essiv);
|
|
g_free(salt);
|
|
return -1;
|
|
}
|
|
|
|
/* Now potentially truncate salt to match cipher key len */
|
|
essiv->cipher = qcrypto_cipher_new(ivgen->cipher,
|
|
QCRYPTO_CIPHER_MODE_ECB,
|
|
salt, MIN(nhash, nsalt),
|
|
errp);
|
|
if (!essiv->cipher) {
|
|
g_free(essiv);
|
|
g_free(salt);
|
|
return -1;
|
|
}
|
|
|
|
g_free(salt);
|
|
ivgen->private = essiv;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int qcrypto_ivgen_essiv_calculate(QCryptoIVGen *ivgen,
|
|
uint64_t sector,
|
|
uint8_t *iv, size_t niv,
|
|
Error **errp)
|
|
{
|
|
QCryptoIVGenESSIV *essiv = ivgen->private;
|
|
size_t ndata = qcrypto_cipher_get_block_len(ivgen->cipher);
|
|
uint8_t *data = g_new(uint8_t, ndata);
|
|
|
|
sector = cpu_to_le64(sector);
|
|
memcpy(data, (uint8_t *)§or, MIN(sizeof(sector), ndata));
|
|
if (sizeof(sector) < ndata) {
|
|
memset(data + sizeof(sector), 0, ndata - sizeof(sector));
|
|
}
|
|
|
|
if (qcrypto_cipher_encrypt(essiv->cipher,
|
|
data,
|
|
data,
|
|
ndata,
|
|
errp) < 0) {
|
|
g_free(data);
|
|
return -1;
|
|
}
|
|
|
|
if (ndata > niv) {
|
|
ndata = niv;
|
|
}
|
|
memcpy(iv, data, ndata);
|
|
if (ndata < niv) {
|
|
memset(iv + ndata, 0, niv - ndata);
|
|
}
|
|
g_free(data);
|
|
return 0;
|
|
}
|
|
|
|
static void qcrypto_ivgen_essiv_cleanup(QCryptoIVGen *ivgen)
|
|
{
|
|
QCryptoIVGenESSIV *essiv = ivgen->private;
|
|
|
|
qcrypto_cipher_free(essiv->cipher);
|
|
g_free(essiv);
|
|
}
|
|
|
|
|
|
struct QCryptoIVGenDriver qcrypto_ivgen_essiv = {
|
|
.init = qcrypto_ivgen_essiv_init,
|
|
.calculate = qcrypto_ivgen_essiv_calculate,
|
|
.cleanup = qcrypto_ivgen_essiv_cleanup,
|
|
};
|
|
|