This code assigns src_len (size_t) to sl (int), which causes problems when src_len is very large. Probably nobody in the kernel should be passing this much data to chacha20poly1305 all in one go anyway, so I don't think we need to change the algorithm or introduce larger types or anything. But we should at least error out early in this case and print a warning so that we get reports if this does happen and can look into why anybody is possibly passing it that much data or if they're accidently passing -1 or similar.

Fixes: d95312a3ccc0 ("crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine") Cc: Ard Biesheuvel ardb@kernel.org Cc: stable@vger.kernel.org # 5.5+ Signed-off-by: Jason A. Donenfeld Jason@zx2c4.com Acked-by: Ard Biesheuvel ardb@kernel.org --- Due to the "stable" in the subject line prior, this patch missed Herbert's filters. So, I'm simply resending it here so that they can get picked up. Note that this is intended for the crypto-2.6.git tree rather than cryptodev-2.6.git.

lib/crypto/chacha20poly1305.c | 3 +++ 1 file changed, 3 insertions(+)

diff --git a/lib/crypto/chacha20poly1305.c b/lib/crypto/chacha20poly1305.c index 6d83cafebc69..ad0699ce702f 100644 --- a/lib/crypto/chacha20poly1305.c +++ b/lib/crypto/chacha20poly1305.c @@ -235,6 +235,9 @@ bool chacha20poly1305_crypt_sg_inplace(struct scatterlist *src, __le64 lens[2]; } b __aligned(16);

+ if (WARN_ON(src_len > INT_MAX)) + return false; + chacha_load_key(b.k, key);

b.iv[0] = 0;