Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / a1e25420a47a55784f277363ee0b76b2e2ea981d
commita1e25420a47a55784f277363ee0b76b2e2ea981d[log] [tgz]
authorEric Biggers <ebiggers@google.com>Mon Nov 06 21:57:26 2017 -0800
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Thu Nov 30 08:39:03 2017 +0000
tree571560bf0d229b8d9a6a450b373ed4de8d639efa
parent7d00fdbc494306fa3a8cdaf8659ca2ab591f5830 [diff]
libceph: don't WARN() if user tries to add invalid key

commit b11270853fa3654f08d4a6a03b23ddb220512d8d upstream.

The WARN_ON(!key->len) in set_secret() in net/ceph/crypto.c is hit if a
user tries to add a key of type "ceph" with an invalid payload as
follows (assuming CONFIG_CEPH_LIB=y):

    echo -e -n '\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \
	| keyctl padd ceph desc @s

This can be hit by fuzzers.  As this is merely bad input and not a
kernel bug, replace the WARN_ON() with return -EINVAL.

Fixes: 7af3ea189a9a ("libceph: stop allocating a new cipher on every crypto request")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 571560bf0d229b8d9a6a450b373ed4de8d639efa
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS