| // SPDX-License-Identifier: GPL-2.0-or-later |
| /* |
| * Copyright 2018 Google LLC |
| */ |
| |
| /* |
| * Regression test for commit f43f39958beb ("crypto: user - fix leaking |
| * uninitialized memory to userspace"), or CVE-2018-19854; it was also a |
| * re-introduction of CVE-2013-2547. This bug caused uninitialized kernel stack |
| * memory to be leaked in some string fields in the replies to CRYPTO_MSG_GETALG |
| * messages over NETLINK_CRYPTO. To try to detect the bug, this test dumps all |
| * algorithms using NLM_F_DUMP mode and checks all string fields for unexpected |
| * nonzero bytes. |
| */ |
| |
| #include <stdlib.h> |
| |
| #include "tst_test.h" |
| #include "tst_crypto.h" |
| #include "tst_netlink.h" |
| |
| /* |
| * include after <sys/socket.h> (via tst_test.h), to work around dependency bug |
| * in old kernel headers (https://www.spinics.net/lists/netdev/msg171764.html) |
| */ |
| #include <linux/rtnetlink.h> |
| |
| static struct tst_crypto_session ses = TST_CRYPTO_SESSION_INIT; |
| |
| static void setup(void) |
| { |
| tst_crypto_open(&ses); |
| } |
| |
| static void do_check_for_leaks(const char *name, const char *value, size_t vlen) |
| { |
| size_t i; |
| |
| for (i = strnlen(value, vlen); i < vlen; i++) { |
| if (value[i] != '\0') |
| tst_brk(TFAIL, "information leak in field '%s'", name); |
| } |
| } |
| |
| #define check_for_leaks(name, field) \ |
| do_check_for_leaks(name, field, sizeof(field)) |
| |
| static void validate_attr(const struct rtattr *rta) |
| { |
| switch (rta->rta_type) { |
| case CRYPTOCFGA_REPORT_LARVAL: { |
| const struct crypto_report_larval *p = RTA_DATA(rta); |
| |
| check_for_leaks("crypto_report_larval::type", p->type); |
| break; |
| } |
| case CRYPTOCFGA_REPORT_HASH: { |
| const struct crypto_report_hash *p = RTA_DATA(rta); |
| |
| check_for_leaks("crypto_report_hash::type", p->type); |
| break; |
| } |
| case CRYPTOCFGA_REPORT_BLKCIPHER: { |
| const struct crypto_report_blkcipher *p = RTA_DATA(rta); |
| |
| check_for_leaks("crypto_report_blkcipher::type", p->type); |
| check_for_leaks("crypto_report_blkcipher::geniv", p->geniv); |
| break; |
| } |
| case CRYPTOCFGA_REPORT_AEAD: { |
| const struct crypto_report_aead *p = RTA_DATA(rta); |
| |
| check_for_leaks("crypto_report_aead::type", p->type); |
| check_for_leaks("crypto_report_aead::geniv", p->geniv); |
| break; |
| } |
| case CRYPTOCFGA_REPORT_COMPRESS: { |
| const struct crypto_report_comp *p = RTA_DATA(rta); |
| |
| check_for_leaks("crypto_report_comp::type", p->type); |
| break; |
| } |
| case CRYPTOCFGA_REPORT_RNG: { |
| const struct crypto_report_rng *p = RTA_DATA(rta); |
| |
| check_for_leaks("crypto_report_rng::type", p->type); |
| break; |
| } |
| case CRYPTOCFGA_REPORT_CIPHER: { |
| const struct crypto_report_cipher *p = RTA_DATA(rta); |
| |
| check_for_leaks("crypto_report_cipher::type", p->type); |
| break; |
| } |
| case CRYPTOCFGA_REPORT_AKCIPHER: { |
| const struct crypto_report_akcipher *p = RTA_DATA(rta); |
| |
| check_for_leaks("crypto_report_akcipher::type", p->type); |
| break; |
| } |
| case CRYPTOCFGA_REPORT_KPP: { |
| const struct crypto_report_kpp *p = RTA_DATA(rta); |
| |
| check_for_leaks("crypto_report_kpp::type", p->type); |
| break; |
| } |
| case CRYPTOCFGA_REPORT_ACOMP: { |
| const struct crypto_report_acomp *p = RTA_DATA(rta); |
| |
| check_for_leaks("crypto_report_acomp::type", p->type); |
| break; |
| } |
| } /* end switch */ |
| } |
| |
| static void validate_one_alg(const struct nlmsghdr *nh) |
| { |
| const struct crypto_user_alg *alg = NLMSG_DATA(nh); |
| const struct rtattr *rta = (void *)alg + NLMSG_ALIGN(sizeof(*alg)); |
| size_t remaining = NLMSG_PAYLOAD(nh, sizeof(*alg)); |
| |
| check_for_leaks("crypto_user_alg::cru_name", alg->cru_name); |
| check_for_leaks("crypto_user_alg::cru_driver_name", |
| alg->cru_driver_name); |
| check_for_leaks("crypto_user_alg::cru_module_name", |
| alg->cru_module_name); |
| |
| while (RTA_OK(rta, remaining)) { |
| validate_attr(rta); |
| rta = RTA_NEXT(rta, remaining); |
| } |
| } |
| |
| static void validate_alg_list(const void *buf, size_t remaining) |
| { |
| const struct nlmsghdr *nh; |
| |
| for (nh = buf; NLMSG_OK(nh, remaining); |
| nh = NLMSG_NEXT(nh, remaining)) { |
| if (nh->nlmsg_seq != ses.seq_num) { |
| tst_brk(TBROK, |
| "Message out of sequence; type=0%hx, seq_num=%u (not %u)", |
| nh->nlmsg_type, nh->nlmsg_seq, ses.seq_num); |
| } |
| if (nh->nlmsg_type == NLMSG_DONE) |
| return; |
| if (nh->nlmsg_type != CRYPTO_MSG_GETALG) { |
| tst_brk(TBROK, |
| "Unexpected message type; type=0x%hx, seq_num=%u", |
| nh->nlmsg_type, nh->nlmsg_seq); |
| } |
| validate_one_alg(nh); |
| } |
| } |
| |
| static void run(void) |
| { |
| struct crypto_user_alg payload = { 0 }; |
| struct nlmsghdr nh = { |
| .nlmsg_len = sizeof(payload), |
| .nlmsg_type = CRYPTO_MSG_GETALG, |
| .nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP, |
| .nlmsg_seq = ++(ses.seq_num), |
| .nlmsg_pid = 0, |
| }; |
| /* |
| * Due to an apparent kernel bug, this API cannot be used incrementally, |
| * so we just use a large recvmsg() buffer. This is good enough since |
| * we don't necessarily have to check every algorithm for this test to |
| * be effective... |
| */ |
| const size_t bufsize = 1048576; |
| void *buf = SAFE_MALLOC(bufsize); |
| size_t res; |
| |
| SAFE_NETLINK_SEND(ses.fd, &nh, &payload); |
| |
| res = SAFE_NETLINK_RECV(ses.fd, buf, bufsize); |
| |
| validate_alg_list(buf, res); |
| |
| free(buf); |
| tst_res(TPASS, "No information leaks found"); |
| } |
| |
| static void cleanup(void) |
| { |
| tst_crypto_close(&ses); |
| } |
| |
| static struct tst_test test = { |
| .setup = setup, |
| .test_all = run, |
| .cleanup = cleanup, |
| }; |