| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2448f15e-7813-f754-dbac-3b870d6ae87b@gmail.com>
Date: Mon, 3 May 2021 08:50:48 -0600
From: David Ahern <dsahern@...il.com>
To: Andrea Claudi <aclaudi@...hat.com>, netdev@...r.kernel.org,
Tuong Lien <tuong.t.lien@...tech.com.au>
Cc: stephen@...workplumber.org
Subject: Re: [PATCH iproute2 1/2] tipc: bail out if algname is abnormally long
[ cc author of Fixes commit ]
On 5/1/21 10:32 AM, Andrea Claudi wrote:
> tipc segfaults when called with an abnormally long algname:
>
> $ tipc node set key 0x1234 algname supercalifragilistichespiralidososupercalifragilistichespiralidoso
> *** buffer overflow detected ***: terminated
>
> Fix this returning an error if provided algname is longer than
> TIPC_AEAD_ALG_NAME.
>
> Fixes: 24bee3bf9752 ("tipc: add new commands to set TIPC AEAD key")
> Signed-off-by: Andrea Claudi <aclaudi@...hat.com>
> ---
> tipc/node.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/tipc/node.c b/tipc/node.c
> index ae75bfff..bf592a07 100644
> --- a/tipc/node.c
> +++ b/tipc/node.c
> @@ -236,10 +236,15 @@ get_ops:
>
> /* Get algorithm name, default: "gcm(aes)" */
> opt_algname = get_opt(opts, "algname");
> - if (!opt_algname)
> + if (!opt_algname) {
> strcpy(input.key.alg_name, "gcm(aes)");
> - else
> + } else {
> + if (strlen(opt_algname->val) > TIPC_AEAD_ALG_NAME) {
> + fprintf(stderr, "error, invalid algname\n");
> + return -EINVAL;
> + }
> strcpy(input.key.alg_name, opt_algname->val);
> + }
>
> /* Get node identity */
> opt_nodeid = get_opt(opts, "nodeid");
>
Powered by blists - more mailing lists