tipc: bail out if algname is abnormally long
authorAndrea Claudi <aclaudi@redhat.com>
Sat, 1 May 2021 16:32:29 +0000 (18:32 +0200)
committerDavid Ahern <dsahern@kernel.org>
Sun, 9 May 2021 22:08:47 +0000 (22:08 +0000)
tipc segfaults when called with an abnormally long algname:

$ tipc node set key 0x1234 algname supercalifragilistichespiralidososupercalifragilistichespiralidoso
*** buffer overflow detected ***: terminated

Fix this by returning an error if the provided algname is longer than
TIPC_AEAD_ALG_NAME.

Fixes: 24bee3bf9752 ("tipc: add new commands to set TIPC AEAD key")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
tipc/node.c

index ae75bfff7d2f017bb9e8cdcf7afdd7d4e50961a8..bf592a07463565d8391b183122e56b1c1c8335f1 100644 (file)
@@ -236,10 +236,15 @@ get_ops:
 
        /* Get algorithm name, default: "gcm(aes)" */
        opt_algname = get_opt(opts, "algname");
-       if (!opt_algname)
+       if (!opt_algname) {
                strcpy(input.key.alg_name, "gcm(aes)");
-       else
+       } else {
+               if (strlen(opt_algname->val) > TIPC_AEAD_ALG_NAME) {
+                       fprintf(stderr, "error, invalid algname\n");
+                       return -EINVAL;
+               }
                strcpy(input.key.alg_name, opt_algname->val);
+       }
 
        /* Get node identity */
        opt_nodeid = get_opt(opts, "nodeid");
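Review bot: The new length check in the `else` branch compares with `>`, so an algname of exactly TIPC_AEAD_ALG_NAME characters still reaches `strcpy`, which then writes the terminating NUL one byte past the name itself. If `input.key.alg_name` is declared with TIPC_AEAD_ALG_NAME bytes (its declaration is outside the hunk, so this needs confirming), that is still a one-byte overflow of the same buffer. The comparison should then be `if (strlen(opt_algname->val) >= TIPC_AEAD_ALG_NAME) {`, so that only names that fit together with their terminator are copied. The enclosing function starts and ends outside the hunk.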