50 lines
1.5 KiB
Diff
50 lines
1.5 KiB
Diff
From 93c267bfb49267fd94f68c3d014fc5909645de06 Mon Sep 17 00:00:00 2001
|
|
From: Andrea Claudi <aclaudi@redhat.com>
|
|
Date: Sat, 1 May 2021 18:32:29 +0200
|
|
Subject: tipc: bail out if algname is abnormally long
|
|
|
|
tipc segfaults when called with an abnormally long algname:
|
|
|
|
$ tipc node set key 0x1234 algname supercalifragilistichespiralidososupercalifragilistichespiralidoso
|
|
*** buffer overflow detected ***: terminated
|
|
|
|
Fix this returning an error if provided algname is longer than
|
|
TIPC_AEAD_ALG_NAME.
|
|
|
|
Fixes: 24bee3bf9752 ("tipc: add new commands to set TIPC AEAD key")
|
|
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
|
|
Signed-off-by: David Ahern <dsahern@kernel.org>
|
|
|
|
Conflict:NA
|
|
Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=93c267bfb49267fd94f68c3d014fc5909645de06
|
|
|
|
---
|
|
tipc/node.c | 9 +++++++--
|
|
1 file changed, 7 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/tipc/node.c b/tipc/node.c
|
|
index ae75bfff7..bf592a074 100644
|
|
--- a/tipc/node.c
|
|
+++ b/tipc/node.c
|
|
@@ -236,10 +236,15 @@ get_ops:
|
|
|
|
/* Get algorithm name, default: "gcm(aes)" */
|
|
opt_algname = get_opt(opts, "algname");
|
|
- if (!opt_algname)
|
|
+ if (!opt_algname) {
|
|
strcpy(input.key.alg_name, "gcm(aes)");
|
|
- else
|
|
+ } else {
|
|
+ if (strlen(opt_algname->val) > TIPC_AEAD_ALG_NAME) {
|
|
+ fprintf(stderr, "error, invalid algname\n");
|
|
+ return -EINVAL;
|
|
+ }
|
|
strcpy(input.key.alg_name, opt_algname->val);
|
|
+ }
|
|
|
|
/* Get node identity */
|
|
opt_nodeid = get_opt(opts, "nodeid");
|
|
--
|
|
cgit 1.2.3-korg
|
|
|