| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20181206143014.801941330@linuxfoundation.org>
Date: Thu, 6 Dec 2018 15:38:55 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Ilya Dryomov <idryomov@...il.com>,
Sage Weil <sage@...hat.com>,
Ben Hutchings <ben.hutchings@...ethink.co.uk>
Subject: [PATCH 4.9 056/101] libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilya Dryomov <idryomov@...il.com>
commit f1d10e04637924f2b00a0fecdd2ca4565f5cfc3f upstream.
Allow for extending ceph_x_authorize_reply in the future.
Signed-off-by: Ilya Dryomov <idryomov@...il.com>
Reviewed-by: Sage Weil <sage@...hat.com>
Signed-off-by: Ben Hutchings <ben.hutchings@...ethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
net/ceph/auth_x.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -733,8 +733,10 @@ static int ceph_x_verify_authorizer_repl
ret = ceph_x_decrypt(&au->session_key, &p, p + CEPHX_AU_ENC_BUF_LEN);
if (ret < 0)
return ret;
- if (ret != sizeof(*reply))
- return -EPERM;
+ if (ret < sizeof(*reply)) {
+ pr_err("bad size %d for ceph_x_authorize_reply\n", ret);
+ return -EINVAL;
+ }
if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one))
ret = -EPERM;
Powered by blists - more mailing lists