1 /*
2 * Copyright (c) 2018 SUSE
3 * Author: Nicolai Stange <nstange@suse.de>
4 * LTP conversion: Richard Palethorpe <rpalethorpe@suse.com>
5 *
6 * Originally found by syzkaller:
7 * https://groups.google.com/forum/#!topic/syzkaller-bugs/NKn_ivoPOpk
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version 2
12 * of the License, or (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 *
22 * Test for CVE-2017-5754 - pcrypt mishandles freeing instances.
23 *
24 * The test works by adding and then removing pcrypt-AEAD instances.
25 * See commit d76c68109f37 crypto: pcrypt - fix freeing pcrypt instances.
26 *
27 * If the bug is present then this will probably crash the kernel, but also
28 * sometimes the test simply times out.
29 */
30
31 #include <errno.h>
32 #include <time.h>
33
34 #include "tst_test.h"
35 #include "tst_safe_net.h"
36 #include "tst_taint.h"
37 #include "tst_crypto.h"
38
39 #define ATTEMPTS 10000
40
41 static struct tst_crypto_session ses = TST_CRYPTO_SESSION_INIT;
42
setup(void)43 void setup(void)
44 {
45 tst_crypto_open(&ses);
46 }
47
run(void)48 void run(void)
49 {
50 int i;
51 struct crypto_user_alg a = {
52 .cru_driver_name = "pcrypt(authenc(hmac(sha256-generic),cbc(aes-generic)))",
53 .cru_type = CRYPTO_ALG_TYPE_AEAD,
54 .cru_mask = CRYPTO_ALG_TYPE_MASK,
55 };
56
57 for (i = 0; i < ATTEMPTS; ++i) {
58 TEST(tst_crypto_add_alg(&ses, &a));
59 if (TST_RET && TST_RET == -ENOENT) {
60 tst_brk(TCONF | TRERRNO,
61 "pcrypt, hmac, sha256, cbc or aes not supported");
62 }
63 if (TST_RET && TST_RET != -EEXIST)
64 tst_brk(TBROK | TRERRNO, "add_alg");
65
66 TEST(tst_crypto_del_alg(&ses, &a));
67 if (TST_RET)
68 tst_brk(TBROK | TRERRNO, "del_alg");
69 }
70
71 tst_res(TPASS, "Nothing bad appears to have happened");
72 }
73
cleanup(void)74 void cleanup(void)
75 {
76 tst_crypto_close(&ses);
77 }
78
79 static struct tst_test test = {
80 .setup = setup,
81 .test_all = run,
82 .cleanup = cleanup,
83 .needs_root = 1,
84 };
85