CVE Assignment for Crypto++ and "AES and incorrect argument to _freea() under Microsoft compilers"

[Jeffrey Walton <noloader () gmail com>]

CVE assignment, please.

=== INTRODUCTION ===

John Byrd reported a crash in Crypto++'s AES implementation under
Microsoft compilers due to use of `_malloca`, `AliasedWithTables` and
`_freea`. Crypto++ can potentially free the wrong pointer when the
pointer is adjusted to flush cache lines to avoid Bernstein's cache
timing attacks.

=== SCOPE ===

The bug only affects Crypto++ 5.6.4 and was introduced at
http://github.com/weidai11/cryptopp/commit/823bc93357da32a3a4a2b71b9915a4e124839d18.

The bug is specific to Windows and Microsoft compilers because its
guarded by `_MSC_VER`.

The bug does not affect Unix and Linux; and does not affect
non-Microsoft compilers on Windows, like ICC and Borland.

=== DETAILS ===

The code in question asks `_malloca` for a block of memory. The code
also over-commits the size and adjust the pointer to a 256-byte
boundary. The pointer is sent `AliasedWithTables` to flush cache
lines. If `AliasedWithTables` cannot perform the flush, then it
returns false. Upon the false return, the code reallocates, adjusts
the pointer and calls `AliasedWithTables` again. Eventually the call
succeeds. After the code in question completes, it frees the adjusted
pointer and not the original pointer using `_freea`.

`alloca` is on Microsoft's [SDLC banned function list
(http://msdn.microsoft.com/en-us/library/bb288454.aspx). The code was
migrated from `alloca`  to `_malloca` for C&A purposes.

`_malloca` and `_freea` are Microsoft SDLC functions. Microsoft
sometimes uses the heap rather than the stack for `_malloca`, and
that's the reason `_freea` is needed.

=== CORRECTION ===

The issue is being tracked at https://github.com/weidai11/cryptopp/issues/302.

The code will be fixed by using the correct pointer. The fix will be
pushed within about two weeks along with CVE-2016-7420.