From 59b2504df8f02f82adf0dd83db219bc451b0d9cc Mon Sep 17 00:00:00 2001 From: Jussi Kivilinna Date: Tue, 8 Feb 2022 08:54:52 +0200 Subject: [PATCH] kdf: fix unaligned memory access in balloon_xor_block * cipher/kdf.c (balloon_xor_block): Use 'buf_xor' helper function; Change pointer parameters to 'void *' type. (balloon_final): Don't cast last_block to 'u64 *' for balloon_xor_block call. -- Seen on s390x UBSAN: /home/testbuild/libgcrypt/cipher/kdf.c:1130:12: runtime error: load of misaligned address 0x00400181370c for type 'u64', which requires 8 byte alignment 0x00400181370c: note: pointer points here 01 01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ #0 0x4001a3f3d3 (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/src/.libs/libgcrypt.so.20+0x1f83d3) #1 0x40019cf049 (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/src/.libs/libgcrypt.so.20+0x188049) #2 0x400000acbf (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/tests/t-kdf+0xacbf) #3 0x4000008931 (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/tests/t-kdf+0x8931) #4 0x400271a031 (/lib/libc.so.6+0x2b031) #5 0x400271a10d (/lib/libc.so.6+0x2b10d) #6 0x4000009bcf (/run/user/1006/libgcrypt/build_s390x-linux-gnu_ubsan/tests/t-kdf+0x9bcf) GnuPG-bug-id: 5817 Signed-off-by: Jussi Kivilinna --- cipher/kdf.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/cipher/kdf.c b/cipher/kdf.c index f39d3bc2..1889af45 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -1122,12 +1122,9 @@ balloon_open (gcry_kdf_hd_t *hd, int subalgo, static void -balloon_xor_block (balloon_ctx_t b, u64 *dst, const u64 *src) +balloon_xor_block (balloon_ctx_t b, void *dst, const void *src) { - int i; - - for (i = 0; i < b->blklen/8; i++) - dst[i] ^= src[i]; + buf_xor (dst, dst, src, b->blklen); } #define BALLOON_COMPRESS_BLOCKS 5 @@ -1355,7 +1352,7 @@ balloon_final (balloon_ctx_t b, size_t resultlen, void *result) return t->ec; last_block = t->block + (b->blklen * (t->b->n_blocks - 1)); - balloon_xor_block (b, result, (u64 *)last_block); + balloon_xor_block (b, result, last_block); } return 0;