]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
KEYS: fix overflow in keyctl_pkey_params_get_2()
authorJarkko Sakkinen <jarkko@kernel.org>
Mon, 1 Jun 2026 20:11:54 +0000 (23:11 +0300)
committerJarkko Sakkinen <jarkko@kernel.org>
Mon, 15 Jun 2026 12:19:12 +0000 (15:19 +0300)
commitcb481e59ea6cae3b7796ac1d7a22b6b24c3f3c0b
treeaec3ac8cebd4a4572bb105559233fe00a3ce3f39
parent0e0611827f3349d0a2ac121c023a6d3260dcecdb
KEYS: fix overflow in keyctl_pkey_params_get_2()

The length for the internal output buffer is calculated incorrectly, which
can result overflow when a too small buffer is provided.

Fix the bug by allocating internal output with the size of the maximum
length of the cryptographic primitive instead of caller provided size.

Link: https://lore.kernel.org/keyrings/20260531024914.3712130-1-jarkko@kernel.org/
Cc: stable@vger.kernel.org # v4.20+
Fixes: 00d60fd3b932 ("KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2]")
Reported-by: Alessandro Groppo <ale.grpp@gmail.com>
Tested-by: Alessandro Groppo <ale.grpp@gmail.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
security/keys/keyctl_pkey.c