From owner-svn-src-head@freebsd.org Sat Sep 9 01:41:02 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 734E7E18DB4; Sat, 9 Sep 2017 01:41:02 +0000 (UTC) (envelope-from cem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 41378736C0; Sat, 9 Sep 2017 01:41:02 +0000 (UTC) (envelope-from cem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v891f1eK041554; Sat, 9 Sep 2017 01:41:01 GMT (envelope-from cem@FreeBSD.org) Received: (from cem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v891f1h4041553; Sat, 9 Sep 2017 01:41:01 GMT (envelope-from cem@FreeBSD.org) Message-Id: <201709090141.v891f1h4041553@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: cem set sender to cem@FreeBSD.org using -f From: Conrad Meyer Date: Sat, 9 Sep 2017 01:41:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r323338 - head/sys/geom/eli X-SVN-Group: head X-SVN-Commit-Author: cem X-SVN-Commit-Paths: head/sys/geom/eli X-SVN-Commit-Revision: 323338 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Sep 2017 01:41:02 -0000 Author: cem Date: Sat Sep 9 01:41:01 2017 New Revision: 323338 URL: https://svnweb.freebsd.org/changeset/base/323338 Log: Fix information leak in geli(8) integrity mode In integrity mode, a larger logical sector (e.g., 4096 bytes) spans several physical sectors (e.g., 512 bytes) on the backing device. Due to hash overhead, a 4096 byte logical sector takes 8.5625 512-byte physical sectors. This means that only 288 bytes (256 data + 32 hash) of the last 512 byte sector are used. The memory allocation used to store the encrypted data to be written to the physical sectors comes from malloc(9) and does not use M_ZERO. Previously, nothing initialized the final physical sector backing each logical sector, aside from the hash + encrypted data portion. So 224 bytes of kernel heap memory was leaked to every block :-(. This patch addresses the issue by initializing the trailing portion of the physical sector in every logical sector to zeros before use. A much simpler but higher overhead fix would be to tag the entire allocation M_ZERO. PR: 222077 Reported by: Maxim Khitrov Reviewed by: emaste Security: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D12272 Modified: head/sys/geom/eli/g_eli_integrity.c Modified: head/sys/geom/eli/g_eli_integrity.c ============================================================================== --- head/sys/geom/eli/g_eli_integrity.c Sat Sep 9 01:23:30 2017 (r323337) +++ head/sys/geom/eli/g_eli_integrity.c Sat Sep 9 01:41:01 2017 (r323338) @@ -463,8 +463,16 @@ g_eli_auth_run(struct g_eli_worker *wr, struct bio *bp authkey = (u_char *)p; p += G_ELI_AUTH_SECKEYLEN; data_secsize = sc->sc_data_per_sector; - if ((i % lsec) == 0) + if ((i % lsec) == 0) { data_secsize = decr_secsize % data_secsize; + /* + * Last encrypted sector of each decrypted sector is + * only partially filled. + */ + if (bp->bio_cmd == BIO_WRITE) + memset(data + sc->sc_alen + data_secsize, 0, + encr_secsize - sc->sc_alen - data_secsize); + } if (bp->bio_cmd == BIO_READ) { /* Remember read HMAC. */