| Message ID | 0615f30dc0e11d25d61b48a65dfcb9e9f1136188.1619886329.git.aclaudi@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | David Ahern |
| Headers | show |
| Series | tipc: input validation | expand |
| Context | Check | Description |
|---|---|---|
| netdev/tree_selection | success | Not a local patch |
[ cc author of Fixes commit ] On 5/1/21 10:32 AM, Andrea Claudi wrote: > tipc segfaults when called with an abnormally long algname: > > $ tipc node set key 0x1234 algname supercalifragilistichespiralidososupercalifragilistichespiralidoso > *** buffer overflow detected ***: terminated > > Fix this returning an error if provided algname is longer than > TIPC_AEAD_ALG_NAME. > > Fixes: 24bee3bf9752 ("tipc: add new commands to set TIPC AEAD key") > Signed-off-by: Andrea Claudi <aclaudi@redhat.com> > --- > tipc/node.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/tipc/node.c b/tipc/node.c > index ae75bfff..bf592a07 100644 > --- a/tipc/node.c > +++ b/tipc/node.c > @@ -236,10 +236,15 @@ get_ops: > > /* Get algorithm name, default: "gcm(aes)" */ > opt_algname = get_opt(opts, "algname"); > - if (!opt_algname) > + if (!opt_algname) { > strcpy(input.key.alg_name, "gcm(aes)"); > - else > + } else { > + if (strlen(opt_algname->val) > TIPC_AEAD_ALG_NAME) { > + fprintf(stderr, "error, invalid algname\n"); > + return -EINVAL; > + } > strcpy(input.key.alg_name, opt_algname->val); > + } > > /* Get node identity */ > opt_nodeid = get_opt(opts, "nodeid"); >
On 5/1/21 10:32 AM, Andrea Claudi wrote: > tipc segfaults when called with an abnormally long algname: > > $ tipc node set key 0x1234 algname supercalifragilistichespiralidososupercalifragilistichespiralidoso > *** buffer overflow detected ***: terminated > > Fix this returning an error if provided algname is longer than > TIPC_AEAD_ALG_NAME. > > Fixes: 24bee3bf9752 ("tipc: add new commands to set TIPC AEAD key") > Signed-off-by: Andrea Claudi <aclaudi@redhat.com> > --- > tipc/node.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > applied both, thanks.
diff --git a/tipc/node.c b/tipc/node.c index ae75bfff..bf592a07 100644 --- a/tipc/node.c +++ b/tipc/node.c @@ -236,10 +236,15 @@ get_ops: /* Get algorithm name, default: "gcm(aes)" */ opt_algname = get_opt(opts, "algname"); - if (!opt_algname) + if (!opt_algname) { strcpy(input.key.alg_name, "gcm(aes)"); - else + } else { + if (strlen(opt_algname->val) > TIPC_AEAD_ALG_NAME) { + fprintf(stderr, "error, invalid algname\n"); + return -EINVAL; + } strcpy(input.key.alg_name, opt_algname->val); + } /* Get node identity */ opt_nodeid = get_opt(opts, "nodeid");
tipc segfaults when called with an abnormally long algname: $ tipc node set key 0x1234 algname supercalifragilistichespiralidososupercalifragilistichespiralidoso *** buffer overflow detected ***: terminated Fix this returning an error if provided algname is longer than TIPC_AEAD_ALG_NAME. Fixes: 24bee3bf9752 ("tipc: add new commands to set TIPC AEAD key") Signed-off-by: Andrea Claudi <aclaudi@redhat.com> --- tipc/node.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)