Message-Id: <CXOKLV16E1FZ.GB1X2HLFVY08@suppilovahvero>
Date: Fri, 15 Dec 2023 05:00:48 +0200
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Edward Adam Davis" <eadavis@...com>,
 <syzbot+94bbb75204a05da3d89f@...kaller.appspotmail.com>
Cc: <davem@...emloft.net>, <dhowells@...hat.com>, <edumazet@...gle.com>,
 <jmorris@...ei.org>, <keyrings@...r.kernel.org>, <kuba@...nel.org>,
 <linux-kernel@...r.kernel.org>, <linux-security-module@...r.kernel.org>,
 <netdev@...r.kernel.org>, <pabeni@...hat.com>, <paul@...l-moore.com>,
 <serge@...lyn.com>, <syzkaller-bugs@...glegroups.com>
Subject: Re: [PATCH next] keys/dns: datalen must greater than sizeof(*v1)

On Thu Dec 14, 2023 at 4:33 PM EET, Edward Adam Davis wrote:
> bin will be forcibly converted to "struct dns_server_list_v1_header *", so it 
> is necessary to compare datalen with sizeof(*v1).
>
> Fixes: b946001d3bb1 ("keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry")
> Reported-and-tested-by: syzbot+94bbb75204a05da3d89f@...kaller.appspotmail.com
> Signed-off-by: Edward Adam Davis <eadavis@...com>
> ---
>  net/dns_resolver/dns_key.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c
> index 3233f4f25fed..15f19521021c 100644
> --- a/net/dns_resolver/dns_key.c
> +++ b/net/dns_resolver/dns_key.c
> @@ -104,7 +104,7 @@ dns_resolver_preparse(struct key_preparsed_payload *prep)
>  
>  	if (data[0] == 0) {
>  		/* It may be a server list. */
> -		if (datalen <= sizeof(*bin))
> +		if (datalen <= sizeof(*v1))
>  			return -EINVAL;
>  
>  		bin = (const struct dns_payload_header *)data;

Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>

BR, Jarkko

Powered by blists - more mailing lists