The buffer 'derived_buf' in the function get_derived_key() must be
allocated dynamically in order to make room for an arbitrary length
master key.
Signed-off-by: Roberto Sassu <[email protected]>
---
security/keys/encrypted_defined.c | 15 +++++++++++++--
1 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/security/keys/encrypted_defined.c b/security/keys/encrypted_defined.c
index 5331925..65d9b13 100644
--- a/security/keys/encrypted_defined.c
+++ b/security/keys/encrypted_defined.c
@@ -289,10 +289,20 @@ enum derived_key_type { ENC_KEY, AUTH_KEY };
static int get_derived_key(char *derived_key, enum derived_key_type key_type,
void *master_key, unsigned int master_keylen)
{
- char derived_buf[hash_size + 10];
+ char *derived_buf;
int ret;
+ unsigned int derived_buf_len;
+
+ derived_buf_len = strlen("AUTH_KEY") + 1 + master_keylen;
+ if (derived_buf_len < hash_size)
+ derived_buf_len = hash_size;
+
+ derived_buf = kzalloc(derived_buf_len, GFP_KERNEL);
+ if (!derived_buf) {
+ pr_err("encrypted_key: out of memory\n");
+ return -ENOMEM;
+ }
- memset(derived_buf, 0, sizeof derived_buf);
if (key_type)
strcpy(derived_buf, "AUTH_KEY");
else
@@ -301,6 +311,7 @@ static int get_derived_key(char *derived_key, enum derived_key_type key_type,
memcpy(derived_buf + strlen(derived_buf) + 1, master_key,
master_keylen);
ret = calc_hash(derived_key, derived_buf, sizeof derived_buf);
+ kfree(derived_buf);
return ret;
}
--
1.7.2.3
On Tue, 2010-11-02 at 10:30 +0100, Roberto Sassu wrote:
> The buffer 'derived_buf' in the function get_derived_key() must be
> allocated dynamically in order to make room for an arbitrary length
> master key.
>
> Signed-off-by: Roberto Sassu <[email protected]>
> ---
> security/keys/encrypted_defined.c | 15 +++++++++++++--
> 1 files changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/security/keys/encrypted_defined.c b/security/keys/encrypted_defined.c
> index 5331925..65d9b13 100644
> --- a/security/keys/encrypted_defined.c
> +++ b/security/keys/encrypted_defined.c
> @@ -289,10 +289,20 @@ enum derived_key_type { ENC_KEY, AUTH_KEY };
> static int get_derived_key(char *derived_key, enum derived_key_type key_type,
> void *master_key, unsigned int master_keylen)
> {
> - char derived_buf[hash_size + 10];
> + char *derived_buf;
> int ret;
> + unsigned int derived_buf_len;
> +
> + derived_buf_len = strlen("AUTH_KEY") + 1 + master_keylen;
> + if (derived_buf_len < hash_size)
> + derived_buf_len = hash_size;
> +
> + derived_buf = kzalloc(derived_buf_len, GFP_KERNEL);
> + if (!derived_buf) {
> + pr_err("encrypted_key: out of memory\n");
> + return -ENOMEM;
> + }
>
> - memset(derived_buf, 0, sizeof derived_buf);
Thanks Roberto!
> if (key_type)
> strcpy(derived_buf, "AUTH_KEY");
> else
> @@ -301,6 +311,7 @@ static int get_derived_key(char *derived_key, enum derived_key_type key_type,
> memcpy(derived_buf + strlen(derived_buf) + 1, master_key,
> master_keylen);
> ret = calc_hash(derived_key, derived_buf, sizeof derived_buf);
> + kfree(derived_buf);
> return ret;
> }
>
Yes, and the length in calc_hash() would then need to be
derived_buf_len.
thanks,
Mimi