/* * Copyright (c) 2018 SUSE * Author: Nicolai Stange <nstange@suse.de> * LTP conversion: Richard Palethorpe <rpalethorpe@suse.com> * * Originally found by syzkaller: * https://groups.google.com/forum/#!topic/syzkaller-bugs/NKn_ivoPOpk * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see <http://www.gnu.org/licenses/>. * * Test for CVE-2017-5754 - pcrypt mishandles freeing instances. * * The test works by adding and then removing pcrypt-AEAD instances. * See commit d76c68109f37 crypto: pcrypt - fix freeing pcrypt instances. * * If the bug is present then this will probably crash the kernel, but also * sometimes the test simply times out. */ #include <errno.h> #include <time.h> #include "tst_test.h" #include "tst_safe_net.h" #include "tst_taint.h" #include "tst_crypto.h" #define ATTEMPTS 10000 static struct tst_crypto_session ses = TST_CRYPTO_SESSION_INIT; void setup(void) { tst_crypto_open(&ses); } void run(void) { int i; struct crypto_user_alg a = { .cru_driver_name = "pcrypt(authenc(hmac(sha256-generic),cbc(aes-generic)))", .cru_type = CRYPTO_ALG_TYPE_AEAD, .cru_mask = CRYPTO_ALG_TYPE_MASK, }; for (i = 0; i < ATTEMPTS; ++i) { TEST(tst_crypto_add_alg(&ses, &a)); if (TST_RET && TST_RET == -ENOENT) { tst_brk(TCONF | TRERRNO, "pcrypt, hmac, sha256, cbc or aes not supported"); } if (TST_RET && TST_RET != -EEXIST) tst_brk(TBROK | TRERRNO, "add_alg"); TEST(tst_crypto_del_alg(&ses, &a)); if (TST_RET) tst_brk(TBROK | TRERRNO, "del_alg"); } tst_res(TPASS, "Nothing bad appears to have happened"); } void cleanup(void) { tst_crypto_close(&ses); } static struct tst_test test = { .setup = setup, .test_all = run, .cleanup = cleanup, .needs_root = 1, };