summaryrefslogtreecommitdiff
path: root/include/linux/firmware/intel/git@git.tavy.me:linux.git
diff options
context:
space:
mode:
authorTaeyang Lee <0wn@theori.io>2026-01-16 16:03:58 +0900
committerHerbert Xu <herbert@gondor.apana.org.au>2026-01-20 14:38:48 +0800
commit2397e9264676be7794f8f7f1e9763d90bd3c7335 (patch)
treeafe5cc185a5a4e5a9d84cc1725b9959ed57c9b41 /include/linux/firmware/intel/git@git.tavy.me:linux.git
parent961ac9d97be72267255f1ed841aabf6694b17454 (diff)
crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec
authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a minimum AAD length check to fail fast on invalid inputs. Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD interface") Reported-By: Taeyang Lee <0wn@theori.io> Signed-off-by: Taeyang Lee <0wn@theori.io> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'include/linux/firmware/intel/git@git.tavy.me:linux.git')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-24 11:26:40 +0000