// SPDX-License-Identifier: GPL-2.0-or-later /* * Copyright 2018 Google LLC */ /* * Regression test for commit f43f39958beb ("crypto: user - fix leaking * uninitialized memory to userspace"), or CVE-2018-19854; it was also a * re-introduction of CVE-2013-2547. This bug caused uninitialized kernel stack * memory to be leaked in some string fields in the replies to CRYPTO_MSG_GETALG * messages over NETLINK_CRYPTO. To try to detect the bug, this test dumps all * algorithms using NLM_F_DUMP mode and checks all string fields for unexpected * nonzero bytes. */ #include <stdlib.h> #include "tst_test.h" #include "tst_crypto.h" #include "tst_netlink.h" /* * include after <sys/socket.h> (via tst_test.h), to work around dependency bug * in old kernel headers (https://www.spinics.net/lists/netdev/msg171764.html) */ #include <linux/rtnetlink.h> static struct tst_crypto_session ses = TST_CRYPTO_SESSION_INIT; static void setup(void) { tst_crypto_open(&ses); } static void do_check_for_leaks(const char *name, const char *value, size_t vlen) { size_t i; for (i = strnlen(value, vlen); i < vlen; i++) { if (value[i] != '\0') tst_brk(TFAIL, "information leak in field '%s'", name); } } #define check_for_leaks(name, field) \ do_check_for_leaks(name, field, sizeof(field)) static void validate_attr(const struct rtattr *rta) { switch (rta->rta_type) { case CRYPTOCFGA_REPORT_LARVAL: { const struct crypto_report_larval *p = RTA_DATA(rta); check_for_leaks("crypto_report_larval::type", p->type); break; } case CRYPTOCFGA_REPORT_HASH: { const struct crypto_report_hash *p = RTA_DATA(rta); check_for_leaks("crypto_report_hash::type", p->type); break; } case CRYPTOCFGA_REPORT_BLKCIPHER: { const struct crypto_report_blkcipher *p = RTA_DATA(rta); check_for_leaks("crypto_report_blkcipher::type", p->type); check_for_leaks("crypto_report_blkcipher::geniv", p->geniv); break; } case CRYPTOCFGA_REPORT_AEAD: { const struct crypto_report_aead *p = RTA_DATA(rta); check_for_leaks("crypto_report_aead::type", p->type); check_for_leaks("crypto_report_aead::geniv", p->geniv); break; } case CRYPTOCFGA_REPORT_COMPRESS: { const struct crypto_report_comp *p = RTA_DATA(rta); check_for_leaks("crypto_report_comp::type", p->type); break; } case CRYPTOCFGA_REPORT_RNG: { const struct crypto_report_rng *p = RTA_DATA(rta); check_for_leaks("crypto_report_rng::type", p->type); break; } case CRYPTOCFGA_REPORT_CIPHER: { const struct crypto_report_cipher *p = RTA_DATA(rta); check_for_leaks("crypto_report_cipher::type", p->type); break; } case CRYPTOCFGA_REPORT_AKCIPHER: { const struct crypto_report_akcipher *p = RTA_DATA(rta); check_for_leaks("crypto_report_akcipher::type", p->type); break; } case CRYPTOCFGA_REPORT_KPP: { const struct crypto_report_kpp *p = RTA_DATA(rta); check_for_leaks("crypto_report_kpp::type", p->type); break; } case CRYPTOCFGA_REPORT_ACOMP: { const struct crypto_report_acomp *p = RTA_DATA(rta); check_for_leaks("crypto_report_acomp::type", p->type); break; } } /* end switch */ } static void validate_one_alg(const struct nlmsghdr *nh) { const struct crypto_user_alg *alg = NLMSG_DATA(nh); const struct rtattr *rta = (void *)alg + NLMSG_ALIGN(sizeof(*alg)); size_t remaining = NLMSG_PAYLOAD(nh, sizeof(*alg)); check_for_leaks("crypto_user_alg::cru_name", alg->cru_name); check_for_leaks("crypto_user_alg::cru_driver_name", alg->cru_driver_name); check_for_leaks("crypto_user_alg::cru_module_name", alg->cru_module_name); while (RTA_OK(rta, remaining)) { validate_attr(rta); rta = RTA_NEXT(rta, remaining); } } static void validate_alg_list(const void *buf, size_t remaining) { const struct nlmsghdr *nh; for (nh = buf; NLMSG_OK(nh, remaining); nh = NLMSG_NEXT(nh, remaining)) { if (nh->nlmsg_seq != ses.seq_num) { tst_brk(TBROK, "Message out of sequence; type=0%hx, seq_num=%u (not %u)", nh->nlmsg_type, nh->nlmsg_seq, ses.seq_num); } if (nh->nlmsg_type == NLMSG_DONE) return; if (nh->nlmsg_type != CRYPTO_MSG_GETALG) { tst_brk(TBROK, "Unexpected message type; type=0x%hx, seq_num=%u", nh->nlmsg_type, nh->nlmsg_seq); } validate_one_alg(nh); } } static void run(void) { struct crypto_user_alg payload = { 0 }; struct nlmsghdr nh = { .nlmsg_len = sizeof(payload), .nlmsg_type = CRYPTO_MSG_GETALG, .nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP, .nlmsg_seq = ++(ses.seq_num), .nlmsg_pid = 0, }; /* * Due to an apparent kernel bug, this API cannot be used incrementally, * so we just use a large recvmsg() buffer. This is good enough since * we don't necessarily have to check every algorithm for this test to * be effective... */ const size_t bufsize = 1048576; void *buf = SAFE_MALLOC(bufsize); size_t res; SAFE_NETLINK_SEND(ses.fd, &nh, &payload); res = SAFE_NETLINK_RECV(ses.fd, buf, bufsize); validate_alg_list(buf, res); free(buf); tst_res(TPASS, "No information leaks found"); } static void cleanup(void) { tst_crypto_close(&ses); } static struct tst_test test = { .setup = setup, .test_all = run, .cleanup = cleanup, };