From: Andrea Claudi <aclaudi@redhat.com>
Date: Sat, 1 May 2021 16:32:29 +0000 (+0200)
Subject: tipc: bail out if algname is abnormally long
X-Git-Tag: v5.14.0~47
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=93c267bfb49267fd94f68c3d014fc5909645de06;p=thirdparty%2Fiproute2.git

tipc: bail out if algname is abnormally long

tipc segfaults when called with an abnormally long algname:

$ tipc node set key 0x1234 algname supercalifragilistichespiralidososupercalifragilistichespiralidoso
*** buffer overflow detected ***: terminated

Fix this returning an error if provided algname is longer than
TIPC_AEAD_ALG_NAME.

Fixes: 24bee3bf9752 ("tipc: add new commands to set TIPC AEAD key")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
---

diff --git a/tipc/node.c b/tipc/node.c
index ae75bfff7..bf592a074 100644
--- a/tipc/node.c
+++ b/tipc/node.c
@@ -236,10 +236,15 @@ get_ops:
 
 	/* Get algorithm name, default: "gcm(aes)" */
 	opt_algname = get_opt(opts, "algname");
-	if (!opt_algname)
+	if (!opt_algname) {
 		strcpy(input.key.alg_name, "gcm(aes)");
-	else
+	} else {
+		if (strlen(opt_algname->val) > TIPC_AEAD_ALG_NAME) {
+			fprintf(stderr, "error, invalid algname\n");
+			return -EINVAL;
+		}
 		strcpy(input.key.alg_name, opt_algname->val);
+	}
 
 	/* Get node identity */
 	opt_nodeid = get_opt(opts, "nodeid");