Message-Id: <0615f30dc0e11d25d61b48a65dfcb9e9f1136188.1619886329.git.aclaudi@redhat.com>
Date: Sat, 1 May 2021 18:32:29 +0200
From: Andrea Claudi <aclaudi@...hat.com>
To: netdev@...r.kernel.org
Cc: stephen@...workplumber.org, dsahern@...il.com
Subject: [PATCH iproute2 1/2] tipc: bail out if algname is abnormally long

tipc segfaults when called with an abnormally long algname:

$ tipc node set key 0x1234 algname supercalifragilistichespiralidososupercalifragilistichespiralidoso
*** buffer overflow detected ***: terminated

Fix this by returning an error if the provided algname is longer than
TIPC_AEAD_ALG_NAME.

Fixes: 24bee3bf9752 ("tipc: add new commands to set TIPC AEAD key")
Signed-off-by: Andrea Claudi <aclaudi@...hat.com>
---
tipc/node.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tipc/node.c b/tipc/node.c
index ae75bfff..bf592a07 100644
--- a/tipc/node.c
+++ b/tipc/node.c
@@ -236,10 +236,15 @@ get_ops:
/* Get algorithm name, default: "gcm(aes)" */
opt_algname = get_opt(opts, "algname");
- if (!opt_algname)
+ if (!opt_algname) {
strcpy(input.key.alg_name, "gcm(aes)");
- else
+ } else {
+ if (strlen(opt_algname->val) > TIPC_AEAD_ALG_NAME) {
+ fprintf(stderr, "error, invalid algname\n");
+ return -EINVAL;
+ }
strcpy(input.key.alg_name, opt_algname->val);
+ }
/* Get node identity */
opt_nodeid = get_opt(opts, "nodeid");
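Review bot: the bound in the new strlen(opt_algname->val) > TIPC_AEAD_ALG_NAME check looks off by one. If input.key.alg_name is declared as a TIPC_AEAD_ALG_NAME-byte array (the declaration is outside this hunk), a name of exactly TIPC_AEAD_ALG_NAME characters passes the check, and the strcpy() that follows writes its terminating NUL one byte past the end of the buffer. Comparing with >= would reject that case as well. The "error, invalid algname" message could also state the maximum accepted length so the user can tell why the name was refused.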
--
2.30.2