From patchwork Wed Jan 10 21:11:40 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: David Howells <dhowells@redhat.com>
X-Patchwork-Id: 187087
Return-Path: <linux-kernel+bounces-22806-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7300:2411:b0:101:2151:f287 with SMTP id
 m17csp1057677dyi;
        Wed, 10 Jan 2024 13:12:51 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IFb/k8e+Qud+hvZupKGOh7RE5hevDFRsljYnR6w8r0hLIgQNVsp95iSV/SphSPNxZhamjKQ
X-Received: by 2002:a17:902:6b8c:b0:1d3:bb4b:dc04 with SMTP id
 p12-20020a1709026b8c00b001d3bb4bdc04mr790960plk.17.1704921171370;
        Wed, 10 Jan 2024 13:12:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1704921171; cv=none;
        d=google.com; s=arc-20160816;
        b=o/SZePtjevmsel8RkhGm88itk/LmpRnfdKoeVwW1Cm3mVZ0eAuyijThu0p/Dv04a8Q
         SMAQmfE+rixBjxJgy98grcH/eKuJO+iYmiqqbwyKi05rGlZi/QzSE+zwuTEXlFpCJVGZ
         V8KVdFFatXbZ/dPWDsf1ONDzt9mzypUHWQx5vT4o0WyslmLM/Kv7fCwb+eSH05rM4dtU
         h0LiCVt/19laRE2XvU1GqREvDMju55cUWK3ZYQpJhaSczO69GmrLCCNU+xyrOKoCTu3B
         tsQ7lAN7g89kcBEjFrzIG+iMO129XceZG57+VeU16/UoL1v3L08DvBGRcqtthH2eDbGJ
         52Vw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=message-id:date:content-transfer-encoding:content-id:mime-version
         :list-unsubscribe:list-subscribe:list-id:precedence:subject:cc:to
         :from:organization:dkim-signature;
        bh=gbbBO9lNpJR0MfDA9zvC1wgSIs185cCcwjZiJnDa0wI=;
        fh=fd47gjqPqg9dNLlLbusX6QKe3t2E8/RaoLUpphBAXbQ=;
        b=CCYVCpyMbr/E85i+/6+/W275XdqDvpnpD8mvv17F4z6x++ZQS/GzVlwovsWtD3S19H
         fSSTh6EIpl2K0q37CxIusqazUF1Z9gnsYTi/nPHjOgRwEYxBE+V9OM9DwyAbAbBGMSTq
         pL0yv19X18CjGQlHvUt8fZLnHLpYdt/fVSt7cRQmIxz+MvWdamgQj4pfP6R9JDn54euD
         RwAI1s2rh4gs5omonzl7nypTIYTl10kfCoWEvpWUZ8JZWFQQkU1E2YXrEXpGUzuoKof6
         aQo3QhqeBe9iH9b8S6gKJ9RRVvC9mAdkJhQTmi4eVA6kNLl78QoL7DkTsqep6i5PSt72
         DSZw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b=GD1Qp3dz;
       spf=pass (google.com: domain of
 linux-kernel+bounces-22806-ouuuleilei=gmail.com@vger.kernel.org designates
 147.75.48.161 as permitted sender)
 smtp.mailfrom="linux-kernel+bounces-22806-ouuuleilei=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161])
        by mx.google.com with ESMTPS id
 u22-20020a63f656000000b005c65ed0f692si4601069pgj.141.2024.01.10.13.12.50
        for <ouuuleilei@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 10 Jan 2024 13:12:51 -0800 (PST)
Received-SPF: pass (google.com: domain of
 linux-kernel+bounces-22806-ouuuleilei=gmail.com@vger.kernel.org designates
 147.75.48.161 as permitted sender) client-ip=147.75.48.161;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b=GD1Qp3dz;
       spf=pass (google.com: domain of
 linux-kernel+bounces-22806-ouuuleilei=gmail.com@vger.kernel.org designates
 147.75.48.161 as permitted sender)
 smtp.mailfrom="linux-kernel+bounces-22806-ouuuleilei=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 93FD1B2366B
	for <ouuuleilei@gmail.com>; Wed, 10 Jan 2024 21:12:25 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 24C5E4F899;
	Wed, 10 Jan 2024 21:11:56 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="GD1Qp3dz"
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 209084F5EF
	for <linux-kernel@vger.kernel.org>; Wed, 10 Jan 2024 21:11:51 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=redhat.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1704921111;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=gbbBO9lNpJR0MfDA9zvC1wgSIs185cCcwjZiJnDa0wI=;
	b=GD1Qp3dz0kSWpPMIFetsuV5rG5JPGfCrbNIXV1IssPkXuKjkTsVVv+3Sh38GsNQmGQ2lAi
	ziO2zS8/lJ/iGQaw8XiUhOCXor7h4P9E/lpcw+cMbD/ftIgfWnbb0dNu8YNgaLOXoCdXiG
	YfWcoGyv6VxjEIRrp/e59MHSd+zC3+I=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-99-OxrgtCRHNg-my24eDO2Ukg-1; Wed, 10 Jan 2024 16:11:45 -0500
X-MC-Unique: OxrgtCRHNg-my24eDO2Ukg-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
 [10.11.54.3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 421108371C0;
	Wed, 10 Jan 2024 21:11:44 +0000 (UTC)
Received: from warthog.procyon.org.uk (unknown [10.42.28.67])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 795C61121306;
	Wed, 10 Jan 2024 21:11:41 +0000 (UTC)
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley
	Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United
	Kingdom.
	Registered in England and Wales under Company Registration No. 3798903
From: David Howells <dhowells@redhat.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
    Edward Adam Davis <eadavis@qq.com>,
    Pengfei Xu <pengfei.xu@intel.com>
Cc: dhowells@redhat.com, Simon Horman <horms@kernel.org>,
    Markus Suvanto <markus.suvanto@gmail.com>,
    Jeffrey E Altman <jaltman@auristor.com>,
    Marc Dionne <marc.dionne@auristor.com>,
    Wang Lei <wang840925@gmail.com>, Jeff Layton <jlayton@redhat.com>,
    Steve French <smfrench@gmail.com>,
    Jarkko Sakkinen <jarkko@kernel.org>,
    "David S. Miller" <davem@davemloft.net>,
    Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>,
    Paolo Abeni <pabeni@redhat.com>, linux-afs@lists.infradead.org,
    keyrings@vger.kernel.org, linux-cifs@vger.kernel.org,
    linux-nfs@vger.kernel.org, ceph-devel@vger.kernel.org,
    netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org,
    linux-kernel@vger.kernel.org
Subject: [PATCH] keys, dns: Fix size check of V1 server-list header
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-ID: <1850030.1704921100.1@warthog.procyon.org.uk>
Date: Wed, 10 Jan 2024 21:11:40 +0000
Message-ID: <1850031.1704921100@warthog.procyon.org.uk>
X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.3
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1787739421981987281
X-GMAIL-MSGID: 1787739421981987281

Fix the size check added to dns_resolver_preparse() for the V1 server-list
header so that it doesn't give EINVAL if the size supplied is the same as
the size of the header struct (which should be valid).

This can be tested with:

        echo -n -e '\0\0\01\xff\0\0' | keyctl padd dns_resolver desc @p

which will give "add_key: Invalid argument" without this fix.

Fixes: 1997b3cb4217 ("keys, dns: Fix missing size check of V1 server-list header")
Reported-by: Pengfei Xu <pengfei.xu@intel.com>
Link: https://lore.kernel.org/r/ZZ4fyY4r3rqgZL+4@xpf.sh.intel.com/
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Edward Adam Davis <eadavis@qq.com>
cc: Linus Torvalds <torvalds@linux-foundation.org>
cc: Simon Horman <horms@kernel.org>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Jeffrey E Altman <jaltman@auristor.com>
Cc: Wang Lei <wang840925@gmail.com>
Cc: Jeff Layton <jlayton@redhat.com>
Cc: Steve French <sfrench@us.ibm.com>
Cc: Marc Dionne <marc.dionne@auristor.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
---
 net/dns_resolver/dns_key.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c
index f18ca02aa95a..c42ddd85ff1f 100644
--- a/net/dns_resolver/dns_key.c
+++ b/net/dns_resolver/dns_key.c
@@ -104,7 +104,7 @@ dns_resolver_preparse(struct key_preparsed_payload *prep)
 		const struct dns_server_list_v1_header *v1;
 
 		/* It may be a server list. */
-		if (datalen <= sizeof(*v1))
+		if (datalen < sizeof(*v1))
 			return -EINVAL;
 
 		v1 = (const struct dns_server_list_v1_header *)data;