[ Upstream commit
ac431d597a9bdfc2ba6b314813f29a6ef2b4a3bf ]
When decoding the key, verify that the key material would fit into
a fixed-size buffer in process_auth_done() and generally has a sane
length.
The new CEPH_MAX_KEY_LEN check replaces the existing check for a key
with no key material which is a) not universal since CEPH_CRYPTO_NONE
has to be excluded and b) doesn't provide much value since a smaller
than needed key is just as invalid as no key -- this has to be handled
elsewhere anyway.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
return -ENOTSUPP;
}
- if (!key->len)
- return -EINVAL;
-
key->key = kmemdup(buf, key->len, GFP_NOIO);
if (!key->key) {
ret = -ENOMEM;
ceph_decode_copy(p, &key->created, sizeof(key->created));
key->len = ceph_decode_16(p);
ceph_decode_need(p, end, key->len, bad);
+ if (key->len > CEPH_MAX_KEY_LEN) {
+ pr_err("secret too big %d\n", key->len);
+ return -EINVAL;
+ }
+
ret = set_secret(key, *p);
memzero_explicit(*p, key->len);
*p += key->len;
#include <linux/ceph/types.h>
#include <linux/ceph/buffer.h>
-#define CEPH_KEY_LEN 16
+#define CEPH_MAX_KEY_LEN 16
#define CEPH_MAX_CON_SECRET_LEN 64
/*
*/
static int process_auth_done(struct ceph_connection *con, void *p, void *end)
{
- u8 session_key_buf[CEPH_KEY_LEN + 16];
+ u8 session_key_buf[CEPH_MAX_KEY_LEN + 16];
u8 con_secret_buf[CEPH_MAX_CON_SECRET_LEN + 16];
u8 *session_key = PTR_ALIGN(&session_key_buf[0], 16);
u8 *con_secret = PTR_ALIGN(&con_secret_buf[0], 16);
projects / thirdparty / kernel / stable.git / commitdiff
