Patch "libceph: don't WARN() if user tries to add invalid key" has been added to the 4.9-stable tree

All of lore.kernel.org
 help / color / mirror / Atom feed

* Patch "libceph: don't WARN() if user tries to add invalid key" has been added to the 4.9-stable tree
@ 2017-11-27 16:06 gregkh
  0 siblings, 0 replies; only message in thread
From: gregkh @ 2017-11-27 16:06 UTC (permalink / raw)
  To: ebiggers, gregkh, idryomov; +Cc: stable, stable-commits


This is a note to let you know that I've just added the patch titled

    libceph: don't WARN() if user tries to add invalid key

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     libceph-don-t-warn-if-user-tries-to-add-invalid-key.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From b11270853fa3654f08d4a6a03b23ddb220512d8d Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Mon, 6 Nov 2017 21:57:26 -0800
Subject: libceph: don't WARN() if user tries to add invalid key

From: Eric Biggers <ebiggers@google.com>

commit b11270853fa3654f08d4a6a03b23ddb220512d8d upstream.

The WARN_ON(!key->len) in set_secret() in net/ceph/crypto.c is hit if a
user tries to add a key of type "ceph" with an invalid payload as
follows (assuming CONFIG_CEPH_LIB=y):

    echo -e -n '\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \
	| keyctl padd ceph desc @s

This can be hit by fuzzers.  As this is merely bad input and not a
kernel bug, replace the WARN_ON() with return -EINVAL.

Fixes: 7af3ea189a9a ("libceph: stop allocating a new cipher on every crypto request")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/ceph/crypto.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -34,7 +34,9 @@ static int set_secret(struct ceph_crypto
 		return -ENOTSUPP;
 	}
 
-	WARN_ON(!key->len);
+	if (!key->len)
+		return -EINVAL;
+
 	key->key = kmemdup(buf, key->len, GFP_NOIO);
 	if (!key->key) {
 		ret = -ENOMEM;


Patches currently in stable-queue which might be from ebiggers@google.com are

queue-4.9/lib-mpi-call-cond_resched-from-mpi_powm-loop.patch
queue-4.9/dm-bufio-fix-integer-overflow-when-limiting-maximum-cache-size.patch
queue-4.9/libceph-don-t-warn-if-user-tries-to-add-invalid-key.patch

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2017-11-27 16:10 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-11-27 16:06 Patch "libceph: don't WARN() if user tries to add invalid key" has been added to the 4.9-stable tree gregkh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.