libceph: don't WARN() if user tries to add invalid key
The WARN_ON(!key->len) in set_secret() in net/ceph/crypto.c is hit if a
user tries to add a key of type "ceph" with an invalid payload as
follows (assuming CONFIG_CEPH_LIB=y):
echo -e -n '\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \
| keyctl padd ceph desc @s
This can be hit by fuzzers. As this is merely bad input and not a
kernel bug, replace the WARN_ON() with return -EINVAL.
Fixes: 7af3ea189a ("libceph: stop allocating a new cipher on every crypto request")
Cc: <stable@vger.kernel.org> # v4.10+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
This commit is contained in:
Eric Biggers
Ilya Dryomov
Родитель
7c08428979
Коммит
b11270853f
|
|
@ -37,7 +37,9 @@ static int set_secret(struct ceph_crypto_key *key, void *buf)
|
||||||
return -ENOTSUPP;
|
return -ENOTSUPP;
|
||||||
}
|
}
|
||||||
|
|
||||||
WARN_ON(!key->len);
|
if (!key->len)
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
key->key = kmemdup(buf, key->len, GFP_NOIO);
|
key->key = kmemdup(buf, key->len, GFP_NOIO);
|
||||||
if (!key->key) {
|
if (!key->key) {
|
||||||
ret = -ENOMEM;
|
ret = -ENOMEM;
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче