[<prev] [next>] [day] [month] [year] [list]
Message-Id: <CXOKLV16E1FZ.GB1X2HLFVY08@suppilovahvero>
Date: Fri, 15 Dec 2023 05:00:48 +0200
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Edward Adam Davis" <eadavis@...com>,
<syzbot+94bbb75204a05da3d89f@...kaller.appspotmail.com>
Cc: <davem@...emloft.net>, <dhowells@...hat.com>, <edumazet@...gle.com>,
<jmorris@...ei.org>, <keyrings@...r.kernel.org>, <kuba@...nel.org>,
<linux-kernel@...r.kernel.org>, <linux-security-module@...r.kernel.org>,
<netdev@...r.kernel.org>, <pabeni@...hat.com>, <paul@...l-moore.com>,
<serge@...lyn.com>, <syzkaller-bugs@...glegroups.com>
Subject: Re: [PATCH next] keys/dns: datalen must greater than sizeof(*v1)
On Thu Dec 14, 2023 at 4:33 PM EET, Edward Adam Davis wrote:
> bin will be forcibly converted to "struct dns_server_list_v1_header *", so it
> is necessary to compare datalen with sizeof(*v1).
>
> Fixes: b946001d3bb1 ("keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry")
> Reported-and-tested-by: syzbot+94bbb75204a05da3d89f@...kaller.appspotmail.com
> Signed-off-by: Edward Adam Davis <eadavis@...com>
> ---
> net/dns_resolver/dns_key.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c
> index 3233f4f25fed..15f19521021c 100644
> --- a/net/dns_resolver/dns_key.c
> +++ b/net/dns_resolver/dns_key.c
> @@ -104,7 +104,7 @@ dns_resolver_preparse(struct key_preparsed_payload *prep)
>
> if (data[0] == 0) {
> /* It may be a server list. */
> - if (datalen <= sizeof(*bin))
> + if (datalen <= sizeof(*v1))
> return -EINVAL;
>
> bin = (const struct dns_payload_header *)data;
Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>
BR, Jarkko
Powered by blists - more mailing lists