Message ID | 1850031.1704921100@warthog.procyon.org.uk |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel+bounces-22806-ouuuleilei=gmail.com@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:2411:b0:101:2151:f287 with SMTP id m17csp1057677dyi; Wed, 10 Jan 2024 13:12:51 -0800 (PST) X-Google-Smtp-Source: AGHT+IFb/k8e+Qud+hvZupKGOh7RE5hevDFRsljYnR6w8r0hLIgQNVsp95iSV/SphSPNxZhamjKQ X-Received: by 2002:a17:902:6b8c:b0:1d3:bb4b:dc04 with SMTP id p12-20020a1709026b8c00b001d3bb4bdc04mr790960plk.17.1704921171370; Wed, 10 Jan 2024 13:12:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704921171; cv=none; d=google.com; s=arc-20160816; b=o/SZePtjevmsel8RkhGm88itk/LmpRnfdKoeVwW1Cm3mVZ0eAuyijThu0p/Dv04a8Q SMAQmfE+rixBjxJgy98grcH/eKuJO+iYmiqqbwyKi05rGlZi/QzSE+zwuTEXlFpCJVGZ V8KVdFFatXbZ/dPWDsf1ONDzt9mzypUHWQx5vT4o0WyslmLM/Kv7fCwb+eSH05rM4dtU h0LiCVt/19laRE2XvU1GqREvDMju55cUWK3ZYQpJhaSczO69GmrLCCNU+xyrOKoCTu3B tsQ7lAN7g89kcBEjFrzIG+iMO129XceZG57+VeU16/UoL1v3L08DvBGRcqtthH2eDbGJ 52Vw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=message-id:date:content-transfer-encoding:content-id:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:subject:cc:to :from:organization:dkim-signature; bh=gbbBO9lNpJR0MfDA9zvC1wgSIs185cCcwjZiJnDa0wI=; fh=fd47gjqPqg9dNLlLbusX6QKe3t2E8/RaoLUpphBAXbQ=; b=CCYVCpyMbr/E85i+/6+/W275XdqDvpnpD8mvv17F4z6x++ZQS/GzVlwovsWtD3S19H fSSTh6EIpl2K0q37CxIusqazUF1Z9gnsYTi/nPHjOgRwEYxBE+V9OM9DwyAbAbBGMSTq pL0yv19X18CjGQlHvUt8fZLnHLpYdt/fVSt7cRQmIxz+MvWdamgQj4pfP6R9JDn54euD RwAI1s2rh4gs5omonzl7nypTIYTl10kfCoWEvpWUZ8JZWFQQkU1E2YXrEXpGUzuoKof6 aQo3QhqeBe9iH9b8S6gKJ9RRVvC9mAdkJhQTmi4eVA6kNLl78QoL7DkTsqep6i5PSt72 DSZw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=GD1Qp3dz; spf=pass (google.com: domain of linux-kernel+bounces-22806-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-22806-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id u22-20020a63f656000000b005c65ed0f692si4601069pgj.141.2024.01.10.13.12.50 for <ouuuleilei@gmail.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Jan 2024 13:12:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-22806-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=GD1Qp3dz; spf=pass (google.com: domain of linux-kernel+bounces-22806-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-22806-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 93FD1B2366B for <ouuuleilei@gmail.com>; Wed, 10 Jan 2024 21:12:25 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 24C5E4F899; Wed, 10 Jan 2024 21:11:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="GD1Qp3dz" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 209084F5EF for <linux-kernel@vger.kernel.org>; Wed, 10 Jan 2024 21:11:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1704921111; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gbbBO9lNpJR0MfDA9zvC1wgSIs185cCcwjZiJnDa0wI=; b=GD1Qp3dz0kSWpPMIFetsuV5rG5JPGfCrbNIXV1IssPkXuKjkTsVVv+3Sh38GsNQmGQ2lAi ziO2zS8/lJ/iGQaw8XiUhOCXor7h4P9E/lpcw+cMbD/ftIgfWnbb0dNu8YNgaLOXoCdXiG YfWcoGyv6VxjEIRrp/e59MHSd+zC3+I= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-99-OxrgtCRHNg-my24eDO2Ukg-1; Wed, 10 Jan 2024 16:11:45 -0500 X-MC-Unique: OxrgtCRHNg-my24eDO2Ukg-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 421108371C0; Wed, 10 Jan 2024 21:11:44 +0000 (UTC) Received: from warthog.procyon.org.uk (unknown [10.42.28.67]) by smtp.corp.redhat.com (Postfix) with ESMTP id 795C61121306; Wed, 10 Jan 2024 21:11:41 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells <dhowells@redhat.com> To: Linus Torvalds <torvalds@linux-foundation.org>, Edward Adam Davis <eadavis@qq.com>, Pengfei Xu <pengfei.xu@intel.com> Cc: dhowells@redhat.com, Simon Horman <horms@kernel.org>, Markus Suvanto <markus.suvanto@gmail.com>, Jeffrey E Altman <jaltman@auristor.com>, Marc Dionne <marc.dionne@auristor.com>, Wang Lei <wang840925@gmail.com>, Jeff Layton <jlayton@redhat.com>, Steve French <smfrench@gmail.com>, Jarkko Sakkinen <jarkko@kernel.org>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, linux-afs@lists.infradead.org, keyrings@vger.kernel.org, linux-cifs@vger.kernel.org, linux-nfs@vger.kernel.org, ceph-devel@vger.kernel.org, netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] keys, dns: Fix size check of V1 server-list header Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: <linux-kernel.vger.kernel.org> List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org> List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <1850030.1704921100.1@warthog.procyon.org.uk> Content-Transfer-Encoding: quoted-printable Date: Wed, 10 Jan 2024 21:11:40 +0000 Message-ID: <1850031.1704921100@warthog.procyon.org.uk> X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.3 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1787739421981987281 X-GMAIL-MSGID: 1787739421981987281 |
Series |
keys, dns: Fix size check of V1 server-list header
|
|
Commit Message
David Howells
Jan. 10, 2024, 9:11 p.m. UTC
Fix the size check added to dns_resolver_preparse() for the V1 server-list
header so that it doesn't give EINVAL if the size supplied is the same as
the size of the header struct (which should be valid).
This can be tested with:
echo -n -e '\0\0\01\xff\0\0' | keyctl padd dns_resolver desc @p
which will give "add_key: Invalid argument" without this fix.
Fixes: 1997b3cb4217 ("keys, dns: Fix missing size check of V1 server-list header")
Reported-by: Pengfei Xu <pengfei.xu@intel.com>
Link: https://lore.kernel.org/r/ZZ4fyY4r3rqgZL+4@xpf.sh.intel.com/
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Edward Adam Davis <eadavis@qq.com>
cc: Linus Torvalds <torvalds@linux-foundation.org>
cc: Simon Horman <horms@kernel.org>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Jeffrey E Altman <jaltman@auristor.com>
Cc: Wang Lei <wang840925@gmail.com>
Cc: Jeff Layton <jlayton@redhat.com>
Cc: Steve French <sfrench@us.ibm.com>
Cc: Marc Dionne <marc.dionne@auristor.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
---
net/dns_resolver/dns_key.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Wed, Jan 10, 2024 at 09:11:40PM +0000, David Howells wrote: > > Fix the size check added to dns_resolver_preparse() for the V1 server-list > header so that it doesn't give EINVAL if the size supplied is the same as > the size of the header struct (which should be valid). > > This can be tested with: > > echo -n -e '\0\0\01\xff\0\0' | keyctl padd dns_resolver desc @p > > which will give "add_key: Invalid argument" without this fix. > > Fixes: 1997b3cb4217 ("keys, dns: Fix missing size check of V1 server-list header") > Reported-by: Pengfei Xu <pengfei.xu@intel.com> > Link: https://lore.kernel.org/r/ZZ4fyY4r3rqgZL+4@xpf.sh.intel.com/ > Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Simon Horman <horms@kernel.org>
On Wed Jan 10, 2024 at 11:11 PM EET, David Howells wrote: > > Fix the size check added to dns_resolver_preparse() for the V1 server-list > header so that it doesn't give EINVAL if the size supplied is the same as > the size of the header struct (which should be valid). > > This can be tested with: > > echo -n -e '\0\0\01\xff\0\0' | keyctl padd dns_resolver desc @p > > which will give "add_key: Invalid argument" without this fix. > > Fixes: 1997b3cb4217 ("keys, dns: Fix missing size check of V1 server-list header") > Reported-by: Pengfei Xu <pengfei.xu@intel.com> > Link: https://lore.kernel.org/r/ZZ4fyY4r3rqgZL+4@xpf.sh.intel.com/ > Signed-off-by: David Howells <dhowells@redhat.com> > cc: Edward Adam Davis <eadavis@qq.com> > cc: Linus Torvalds <torvalds@linux-foundation.org> > cc: Simon Horman <horms@kernel.org> > Cc: Jarkko Sakkinen <jarkko@kernel.org> > Cc: Jeffrey E Altman <jaltman@auristor.com> > Cc: Wang Lei <wang840925@gmail.com> > Cc: Jeff Layton <jlayton@redhat.com> > Cc: Steve French <sfrench@us.ibm.com> > Cc: Marc Dionne <marc.dionne@auristor.com> > Cc: "David S. Miller" <davem@davemloft.net> > Cc: Eric Dumazet <edumazet@google.com> > Cc: Jakub Kicinski <kuba@kernel.org> > Cc: Paolo Abeni <pabeni@redhat.com> > --- > net/dns_resolver/dns_key.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c > index f18ca02aa95a..c42ddd85ff1f 100644 > --- a/net/dns_resolver/dns_key.c > +++ b/net/dns_resolver/dns_key.c > @@ -104,7 +104,7 @@ dns_resolver_preparse(struct key_preparsed_payload *prep) > const struct dns_server_list_v1_header *v1; > > /* It may be a server list. */ > - if (datalen <= sizeof(*v1)) > + if (datalen < sizeof(*v1)) > return -EINVAL; > > v1 = (const struct dns_server_list_v1_header *)data; Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> BR, Jarkko
From: Sedat Dilek <sedat.dilek@gmail.com> On Wed, Jan 10, 2024 at 10:12 PM David Howells <dhowells@redhat.com> wrote: > > > Fix the size check added to dns_resolver_preparse() for the V1 server-list > header so that it doesn't give EINVAL if the size supplied is the same as > the size of the header struct (which should be valid). > > This can be tested with: > > echo -n -e '\0\0\01\xff\0\0' | keyctl padd dns_resolver desc @p > > which will give "add_key: Invalid argument" without this fix. > > Fixes: 1997b3cb4217 ("keys, dns: Fix missing size check of V1 server-list header") [ CC stable@vger.kernel.org ] Your (follow-up) patch is now upstream. https://git.kernel.org/linus/acc657692aed438e9931438f8c923b2b107aebf9 This misses CC: Stable Tag as suggested by Linus. Looks like linux-6.1.y and linux-6.6.y needs it, too. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.6.11&id=da89365158f6f656b28bcdbcbbe9eaf97c63c474 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.1.72&id=079eefaecfd7bbb8fcc30eccb0dfdf50c91f1805 BG, -Sedat- Hi Greg, Sasa, could you please add this also to linux-6.1.y and linux-6.6.y? (Easily applicable to both, needed for both.) Or is there any reason why it's not being added? Kind regards, Petr > Reported-by: Pengfei Xu <pengfei.xu@intel.com> > Link: https://lore.kernel.org/r/ZZ4fyY4r3rqgZL+4@xpf.sh.intel.com/ > Signed-off-by: David Howells <dhowells@redhat.com> > cc: Edward Adam Davis <eadavis@qq.com> > cc: Linus Torvalds <torvalds@linux-foundation.org> > cc: Simon Horman <horms@kernel.org> > Cc: Jarkko Sakkinen <jarkko@kernel.org> > Cc: Jeffrey E Altman <jaltman@auristor.com> > Cc: Wang Lei <wang840925@gmail.com> > Cc: Jeff Layton <jlayton@redhat.com> > Cc: Steve French <sfrench@us.ibm.com> > Cc: Marc Dionne <marc.dionne@auristor.com> > Cc: "David S. Miller" <davem@davemloft.net> > Cc: Eric Dumazet <edumazet@google.com> > Cc: Jakub Kicinski <kuba@kernel.org> > Cc: Paolo Abeni <pabeni@redhat.com> > --- > net/dns_resolver/dns_key.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c > index f18ca02aa95a..c42ddd85ff1f 100644 > --- a/net/dns_resolver/dns_key.c > +++ b/net/dns_resolver/dns_key.c > @@ -104,7 +104,7 @@ dns_resolver_preparse(struct key_preparsed_payload *prep) > const struct dns_server_list_v1_header *v1; > > /* It may be a server list. */ > - if (datalen <= sizeof(*v1)) > + if (datalen < sizeof(*v1)) > return -EINVAL; > > v1 = (const struct dns_server_list_v1_header *)data; > >
On Mon, Jan 22, 2024 at 08:32:20AM +0100, Petr Vorel wrote: > From: Sedat Dilek <sedat.dilek@gmail.com> > > On Wed, Jan 10, 2024 at 10:12 PM David Howells <dhowells@redhat.com> wrote: > > > > > > Fix the size check added to dns_resolver_preparse() for the V1 server-list > > header so that it doesn't give EINVAL if the size supplied is the same as > > the size of the header struct (which should be valid). > > > > This can be tested with: > > > > echo -n -e '\0\0\01\xff\0\0' | keyctl padd dns_resolver desc @p > > > > which will give "add_key: Invalid argument" without this fix. > > > > Fixes: 1997b3cb4217 ("keys, dns: Fix missing size check of V1 server-list header") > > [ CC stable@vger.kernel.org ] > > Your (follow-up) patch is now upstream. > > https://git.kernel.org/linus/acc657692aed438e9931438f8c923b2b107aebf9 > > This misses CC: Stable Tag as suggested by Linus. > > Looks like linux-6.1.y and linux-6.6.y needs it, too. > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.6.11&id=da89365158f6f656b28bcdbcbbe9eaf97c63c474 > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.1.72&id=079eefaecfd7bbb8fcc30eccb0dfdf50c91f1805 And 5.10.y and 5.15.y. Now queued up, thanks. greg k-h
diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c index f18ca02aa95a..c42ddd85ff1f 100644 --- a/net/dns_resolver/dns_key.c +++ b/net/dns_resolver/dns_key.c @@ -104,7 +104,7 @@ dns_resolver_preparse(struct key_preparsed_payload *prep) const struct dns_server_list_v1_header *v1; /* It may be a server list. */ - if (datalen <= sizeof(*v1)) + if (datalen < sizeof(*v1)) return -EINVAL; v1 = (const struct dns_server_list_v1_header *)data;