UPSTREAM: KEYS: encrypted: fix buffer overread in valid_master_desc() - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Eric Biggers <ebiggers@google.com>	2018-02-12 17:38:47 -0800
committer	Moyster <oysterized@gmail.com>	2018-05-16 13:08:08 +0200
commit	c8ef0fa630d3ad30d75fc03f850ad5a0c345ef69 (patch)
tree	60117e6b71fb4f610d0e9d31d1084d979acffe27 /kernel/hrtimer.c
parent	1b3a3a3ae8ccfeefe70a378b50b115b6bab2e362 (diff)

UPSTREAM: KEYS: encrypted: fix buffer overread in valid_master_desc()

With the 'encrypted' key type it was possible for userspace to provide a data blob ending with a master key description shorter than expected, e.g. 'keyctl add encrypted desc "new x" @s'. When validating such a master key description, validate_master_desc() could read beyond the end of the buffer. Fix this by using strncmp() instead of memcmp(). [Also clean up the code to deduplicate some logic.] Cc: linux-stable <stable@vger.kernel.org> # 3.18.y Cc: Mimi Zohar <zohar@linux.vnet.ibm.com> Bug: 70526974 Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Jin Qian <jinqian@google.com> Signed-off-by: Steve Pfetsch <spfetsch@google.com> Change-Id: I2cc3af94f855e66f2014dd1dced4425ed8a41f29 (cherry picked from commit 794b4bc292f5d31739d89c0202c54e7dc9bc3add)

Diffstat (limited to 'kernel/hrtimer.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: