lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 May 2021 08:50:48 -0600 From: David Ahern <dsahern@...il.com> To: Andrea Claudi <aclaudi@...hat.com>, netdev@...r.kernel.org, Tuong Lien <tuong.t.lien@...tech.com.au> Cc: stephen@...workplumber.org Subject: Re: [PATCH iproute2 1/2] tipc: bail out if algname is abnormally long [ cc author of Fixes commit ] On 5/1/21 10:32 AM, Andrea Claudi wrote: > tipc segfaults when called with an abnormally long algname: > > $ tipc node set key 0x1234 algname supercalifragilistichespiralidososupercalifragilistichespiralidoso > *** buffer overflow detected ***: terminated > > Fix this returning an error if provided algname is longer than > TIPC_AEAD_ALG_NAME. > > Fixes: 24bee3bf9752 ("tipc: add new commands to set TIPC AEAD key") > Signed-off-by: Andrea Claudi <aclaudi@...hat.com> > --- > tipc/node.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/tipc/node.c b/tipc/node.c > index ae75bfff..bf592a07 100644 > --- a/tipc/node.c > +++ b/tipc/node.c > @@ -236,10 +236,15 @@ get_ops: > > /* Get algorithm name, default: "gcm(aes)" */ > opt_algname = get_opt(opts, "algname"); > - if (!opt_algname) > + if (!opt_algname) { > strcpy(input.key.alg_name, "gcm(aes)"); > - else > + } else { > + if (strlen(opt_algname->val) > TIPC_AEAD_ALG_NAME) { > + fprintf(stderr, "error, invalid algname\n"); > + return -EINVAL; > + } > strcpy(input.key.alg_name, opt_algname->val); > + } > > /* Get node identity */ > opt_nodeid = get_opt(opts, "nodeid"); >
Powered by blists - more mailing lists