Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

libceph: don't WARN() if user tries to add invalid key

The WARN_ON(!key->len) in set_secret() in net/ceph/crypto.c is hit if a
user tries to add a key of type "ceph" with an invalid payload as
follows (assuming CONFIG_CEPH_LIB=y):

    echo -e -n '\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \
	| keyctl padd ceph desc @s

This can be hit by fuzzers.  As this is merely bad input and not a
kernel bug, replace the WARN_ON() with return -EINVAL.

Fixes: 7af3ea189a9a ("libceph: stop allocating a new cipher on every crypto request")
Cc: <stable@vger.kernel.org> # v4.10+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Eric Biggers 7 years ago
parent
7c08428979
commit
b11270853f
1 changed files with 3 additions and 1 deletions
Unified View Show Diff Stats
  1. 3 1
      net/ceph/crypto.c

+ 3 - 1
net/ceph/crypto.c
View File 

@@ -37,7 +37,9 @@ static int set_secret(struct ceph_crypto_key *key, void *buf)
 
 		return -ENOTSUPP;
 
 		return -ENOTSUPP;
 
 	}
 
 	}
 
 
 
-	WARN_ON(!key->len);
 
+	if (!key->len)
 
+		return -EINVAL;
 
+
 
 	key->key = kmemdup(buf, key->len, GFP_NOIO);
 
 	key->key = kmemdup(buf, key->len, GFP_NOIO);
 
 	if (!key->key) {
 
 	if (!key->key) {
 
 		ret = -ENOMEM;
 
 		ret = -ENOMEM;