A possible divide by zero bug in drbg_ctr_df

A possible divide by zero bug in drbg_ctr_df · Yiyuan guo <hidden> · 2021-05-21
Re: A possible divide by zero bug in drbg_ctr_df · Herbert Xu <herbert@gondor.apana.org.au> · 2021-05-21
Re: A possible divide by zero bug in drbg_ctr_df · Stephan Mueller <hidden> · 2021-05-21

From: Yiyuan guo <hidden>
Date: 2021-05-21 03:24:28

In crypto/drbg.c, the function drbg_ctr_df has the following code:

padlen = (inputlen + sizeof(L_N) + 1) % (drbg_blocklen(drbg));

However, the function drbg_blocklen may return zero:

static inline __u8 drbg_blocklen(struct drbg_state *drbg)
{
    if (drbg && drbg->core)
        return drbg->core->blocklen_bytes;
    return 0;
}

Is it possible to trigger a divide by zero problem here?

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help