| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Nov 2017 21:57:26 -0800
From: Eric Biggers <ebiggers3@...il.com>
To: Ilya Dryomov <idryomov@...il.com>, Yan Zheng <zyan@...hat.com>,
Sage Weil <sage@...hat.com>, ceph-devel@...r.kernel.org
Cc: netdev@...r.kernel.org, keyrings@...r.kernel.org,
Eric Biggers <ebiggers@...gle.com>, stable@...r.kernel.org
Subject: [PATCH] libceph: don't WARN() if user tries to add invalid key
From: Eric Biggers <ebiggers@...gle.com>
The WARN_ON(!key->len) in set_secret() in net/ceph/crypto.c is hit if a
user tries to add a key of type "ceph" with an invalid payload as
follows (assuming CONFIG_CEPH_LIB=y):
echo -e -n '\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \
| keyctl padd ceph desc @s
This can be hit by fuzzers. As this is merely bad input and not a
kernel bug, replace the WARN_ON() with return -EINVAL.
Fixes: 7af3ea189a9a ("libceph: stop allocating a new cipher on every crypto request")
Cc: <stable@...r.kernel.org> # v4.10+
Signed-off-by: Eric Biggers <ebiggers@...gle.com>
---
net/ceph/crypto.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index 489610ac1cdd..bf9d079cbafd 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -37,7 +37,9 @@ static int set_secret(struct ceph_crypto_key *key, void *buf)
return -ENOTSUPP;
}
- WARN_ON(!key->len);
+ if (!key->len)
+ return -EINVAL;
+
key->key = kmemdup(buf, key->len, GFP_NOIO);
if (!key->key) {
ret = -ENOMEM;
--
2.15.0
Powered by blists - more mailing lists