From: David Howells <dhowells@redhat.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 1/7] lib: Fix a couple of potential signed oveflows
Date: Fri, 22 Aug 2025 15:22:08 +0100 [thread overview]
Message-ID: <20250822142215.2475014-2-dhowells@redhat.com> (raw)
In-Reply-To: <20250822142215.2475014-1-dhowells@redhat.com>
Fix keyctl_read_alloc() to check for a potential unsigned overflow when we
allocate a buffer with an extra byte added on the end for a NUL.
Fix keyctl_dh_compute_alloc() for the same thing.
Signed-off-by: David Howells <dhowells@redhat.com>
---
keyutils.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/keyutils.c b/keyutils.c
index 37b6cc3..fd02cda 100644
--- a/keyutils.c
+++ b/keyutils.c
@@ -18,6 +18,7 @@
#include <dlfcn.h>
#include <sys/uio.h>
#include <errno.h>
+#include <limits.h>
#include <asm/unistd.h>
#include "keyutils.h"
@@ -442,6 +443,8 @@ int keyctl_read_alloc(key_serial_t id, void **_buffer)
return -1;
for (;;) {
+ if (ret == LONG_MAX)
+ return -EFBIG; /* Don't let buflen+1 overflow. */
buflen = ret;
buf = malloc(buflen + 1);
if (!buf)
@@ -515,6 +518,8 @@ int keyctl_dh_compute_alloc(key_serial_t priv, key_serial_t prime,
if (ret < 0)
return -1;
+ if (ret == LONG_MAX)
+ return -EFBIG; /* Don't let buflen+1 overflow. */
buflen = ret;
buf = malloc(buflen + 1);
if (!buf)
next prev parent reply other threads:[~2025-08-22 14:22 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-22 14:22 [PATCH 0/7] keyutils: Add some fixes and updates David Howells
2025-08-22 14:22 ` David Howells [this message]
2025-08-23 23:25 ` [PATCH 1/7] lib: Fix a couple of potential signed oveflows Jarkko Sakkinen
2025-08-22 14:22 ` [PATCH 2/7] request-key: Fix mishandling of last line of config file David Howells
2025-08-23 23:59 ` Jarkko Sakkinen
2025-11-19 15:53 ` David Howells
2025-08-22 14:22 ` [PATCH 3/7] test: Hide endianness David Howells
2025-08-22 14:22 ` [PATCH 4/7] tests: Add skips for testing of unsupported features David Howells
2025-08-22 14:22 ` [PATCH 5/7] request-key: Add help text David Howells
2025-08-24 0:03 ` Jarkko Sakkinen
2025-08-22 14:22 ` [PATCH 6/7] request-key: Add a simpler debug test David Howells
2025-08-24 0:04 ` Jarkko Sakkinen
2025-08-22 14:22 ` [PATCH 7/7] request-key: Support the promised multiwildcard matching David Howells
2025-08-24 0:05 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250822142215.2475014-2-dhowells@redhat.com \
--to=dhowells@redhat.com \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.