crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec

authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a minimum AAD length check to fail fast on invalid inputs. Fixes: 104880a6b470 ("crypto: authencesn - Convert to new AEAD interface") Reported-By: Taeyang Lee <0wn@theori.io> Signed-off-by: Taeyang Lee <0wn@theori.io> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Taeyang Lee <0wn@theori.io> 2026-01-16 16:03:58 +0900
committer: Herbert Xu <herbert@gondor.apana.org.au> 2026-01-20 14:38:48 +0800
commit: 2397e9264676be7794f8f7f1e9763d90bd3c7335 (patch)
tree: afe5cc185a5a4e5a9d84cc1725b9959ed57c9b41 /crypto
parent: 961ac9d97be72267255f1ed841aabf6694b17454 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/authencesn.c b/crypto/authencesn.c
index d1bf0fda3f2e..542a978663b9 100644
--- a/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -169,6 +169,9 @@ static int crypto_authenc_esn_encrypt(struct aead_request *req)
 	struct scatterlist *src, *dst;
 	int err;
 
+	if (assoclen < 8)
+		return -EINVAL;
+
 	sg_init_table(areq_ctx->src, 2);
 	src = scatterwalk_ffwd(areq_ctx->src, req->src, assoclen);
 	dst = src;
@@ -256,6 +259,9 @@ static int crypto_authenc_esn_decrypt(struct aead_request *req)
 	u32 tmp[2];
 	int err;
 
+	if (assoclen < 8)
+		return -EINVAL;
+
 	cryptlen -= authsize;
 
 	if (req->src != dst)
author	Taeyang Lee <0wn@theori.io>	2026-01-16 16:03:58 +0900
committer	Herbert Xu <herbert@gondor.apana.org.au>	2026-01-20 14:38:48 +0800
commit	2397e9264676be7794f8f7f1e9763d90bd3c7335 (patch)
tree	afe5cc185a5a4e5a9d84cc1725b9959ed57c9b41 /crypto
parent	961ac9d97be72267255f1ed841aabf6694b17454 (diff)