Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

libceph: define and enforce CEPH_MAX_KEY_LEN

When decoding the key, verify that the key material would fit into
a fixed-size buffer in process_auth_done() and generally has a sane
length.

The new CEPH_MAX_KEY_LEN check replaces the existing check for a key
with no key material which is a) not universal since CEPH_CRYPTO_NONE
has to be excluded and b) doesn't provide much value since a smaller
than needed key is just as invalid as no key -- this has to be handled
elsewhere anyway.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

+7 -5
+5 -3
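--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -37,9 +37,6 @@
 return -ENOTSUPP;
 }
 
-if (!key->len)
-return -EINVAL;
-
 key->key = kmemdup(buf, key->len, GFP_NOIO);
 if (!key->key) {
 ret = -ENOMEM;
@@ -80,6 +83,11 @@
 ceph_decode_copy(p, &key->created, sizeof(key->created));
 key->len = ceph_decode_16(p);
 ceph_decode_need(p, end, key->len, bad);
+if (key->len > CEPH_MAX_KEY_LEN) {
+pr_err("secret too big %d\n", key->len);
+return -EINVAL;
+}
+
 ret = set_secret(key, *p);
 memzero_explicit(*p, key->len);
 *p += key->len;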
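Review bot: The new early `return -EINVAL;` in the second hunk leaves before `memzero_explicit(*p, key->len);`, so an over-long secret stays in the decode buffer, whereas the path through set_secret() wipes it whether or not set_secret() succeeds. ceph_decode_need() has already confirmed that key->len bytes are present at *p, so the bytes can be cleared on the reject path too, by adding `memzero_explicit(*p, key->len);` just before the `return -EINVAL;`. Because the length comes from the wire, `pr_err_ratelimited("secret too big %d\n", key->len);` would also stop a misbehaving peer from flooding the log. How long the buffer lives after a failed decode is not visible here, since the function starts and ends outside the hunk.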
+1 -1
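--- a/net/ceph/crypto.h
+++ b/net/ceph/crypto.h
@@ -5,7 +5,7 @@
 #include <linux/ceph/types.h>
 #include <linux/ceph/buffer.h>
 
-#define CEPH_KEY_LEN 16
+#define CEPH_MAX_KEY_LEN 16
 #define CEPH_MAX_CON_SECRET_LEN 64
 
 /*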
+1 -1
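--- a/net/ceph/messenger_v2.c
+++ b/net/ceph/messenger_v2.c
@@ -2360,7 +2360,7 @@
 */
 static int process_auth_done(struct ceph_connection *con, void *p, void *end)
 {
-u8 session_key_buf[CEPH_KEY_LEN + 16];
+u8 session_key_buf[CEPH_MAX_KEY_LEN + 16];
 u8 con_secret_buf[CEPH_MAX_CON_SECRET_LEN + 16];
 u8 *session_key = PTR_ALIGN(&session_key_buf[0], 16);
 u8 *con_secret = PTR_ALIGN(&con_secret_buf[0], 16);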