summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2017-11-06 21:57:26 -0800
committerIlya Dryomov <idryomov@gmail.com>2017-11-13 12:12:44 +0100
commitb11270853fa3654f08d4a6a03b23ddb220512d8d (patch)
treed9f851b984bda537edced56d652af69a5a79b04c
parent7c084289795bc0f3b9ab315ac3c8d269dd4d0215 (diff)
downloadlinux-stable-b11270853fa3654f08d4a6a03b23ddb220512d8d.tar.gz
linux-stable-b11270853fa3654f08d4a6a03b23ddb220512d8d.tar.bz2
linux-stable-b11270853fa3654f08d4a6a03b23ddb220512d8d.zip
libceph: don't WARN() if user tries to add invalid key
The WARN_ON(!key->len) in set_secret() in net/ceph/crypto.c is hit if a user tries to add a key of type "ceph" with an invalid payload as follows (assuming CONFIG_CEPH_LIB=y): echo -e -n '\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \ | keyctl padd ceph desc @s This can be hit by fuzzers. As this is merely bad input and not a kernel bug, replace the WARN_ON() with return -EINVAL. Fixes: 7af3ea189a9a ("libceph: stop allocating a new cipher on every crypto request") Cc: <stable@vger.kernel.org> # v4.10+ Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
-rw-r--r--net/ceph/crypto.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index 489610ac1cdd..bf9d079cbafd 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -37,7 +37,9 @@ static int set_secret(struct ceph_crypto_key *key, void *buf)
return -ENOTSUPP;
}
- WARN_ON(!key->len);
+ if (!key->len)
+ return -EINVAL;
+
key->key = kmemdup(buf, key->len, GFP_NOIO);
if (!key->key) {
ret = -ENOMEM;