Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp1242884rdd; Wed, 10 Jan 2024 13:12:37 -0800 (PST) X-Google-Smtp-Source: AGHT+IGZxBa0HCIK2J5AkoZmIHF39AEygO2f+9lZJZXmMCeehETByDF7Aq8yt6Qw80P/Q9Ax0Sn3 X-Received: by 2002:a17:902:e808:b0:1d5:5844:6d66 with SMTP id u8-20020a170902e80800b001d558446d66mr1055462plg.43.1704921156907; Wed, 10 Jan 2024 13:12:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704921156; cv=none; d=google.com; s=arc-20160816; b=QW4tjiv9zVgJU0XEgMjODFDTGn1GXlkD9e8QAnsAH70l/y6XOSG5Sjnc0o6+pk6VZi 33n3b27cfGaCRV6uHBcIk2HlG9HEjcsZCjyG7Dq/YGU7DQC/FxBJv1dpPMcSK6WX38eF kkvcL1HMat7KeZS0aAi/mhEvwdb0i75hEm6C/Y2O4nqjOyLYoa3AiYPEERldgEi+b0AJ Emrsssz7BHWwNAfPUCVxZhoIv9MnZ3bP21NpoIyVoR8PJsxIBuZeCNS9idWMLHmtEPjB vDr5M0B/dlf8g4w/uLf1WH7vXml6pj8xx4lITcwn3/DSacXWNcEt8sTEEEcuQkoMx6yW eH1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=message-id:date:content-transfer-encoding:content-id:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:subject:cc:to :from:organization:dkim-signature; bh=gbbBO9lNpJR0MfDA9zvC1wgSIs185cCcwjZiJnDa0wI=; fh=fd47gjqPqg9dNLlLbusX6QKe3t2E8/RaoLUpphBAXbQ=; b=CCYVCpyMbr/E85i+/6+/W275XdqDvpnpD8mvv17F4z6x++ZQS/GzVlwovsWtD3S19H fSSTh6EIpl2K0q37CxIusqazUF1Z9gnsYTi/nPHjOgRwEYxBE+V9OM9DwyAbAbBGMSTq pL0yv19X18CjGQlHvUt8fZLnHLpYdt/fVSt7cRQmIxz+MvWdamgQj4pfP6R9JDn54euD RwAI1s2rh4gs5omonzl7nypTIYTl10kfCoWEvpWUZ8JZWFQQkU1E2YXrEXpGUzuoKof6 aQo3QhqeBe9iH9b8S6gKJ9RRVvC9mAdkJhQTmi4eVA6kNLl78QoL7DkTsqep6i5PSt72 DSZw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=GD1Qp3dz; spf=pass (google.com: domain of linux-kernel+bounces-22806-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-22806-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id w16-20020a1709029a9000b001d42a95ec21si4262844plp.365.2024.01.10.13.12.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Jan 2024 13:12:36 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-22806-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=GD1Qp3dz; spf=pass (google.com: domain of linux-kernel+bounces-22806-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-22806-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 4F6E3B21E09 for ; Wed, 10 Jan 2024 21:12:16 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4DC054F887; Wed, 10 Jan 2024 21:11:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="GD1Qp3dz" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 209084F5EF for ; Wed, 10 Jan 2024 21:11:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1704921111; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gbbBO9lNpJR0MfDA9zvC1wgSIs185cCcwjZiJnDa0wI=; b=GD1Qp3dz0kSWpPMIFetsuV5rG5JPGfCrbNIXV1IssPkXuKjkTsVVv+3Sh38GsNQmGQ2lAi ziO2zS8/lJ/iGQaw8XiUhOCXor7h4P9E/lpcw+cMbD/ftIgfWnbb0dNu8YNgaLOXoCdXiG YfWcoGyv6VxjEIRrp/e59MHSd+zC3+I= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-99-OxrgtCRHNg-my24eDO2Ukg-1; Wed, 10 Jan 2024 16:11:45 -0500 X-MC-Unique: OxrgtCRHNg-my24eDO2Ukg-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 421108371C0; Wed, 10 Jan 2024 21:11:44 +0000 (UTC) Received: from warthog.procyon.org.uk (unknown [10.42.28.67]) by smtp.corp.redhat.com (Postfix) with ESMTP id 795C61121306; Wed, 10 Jan 2024 21:11:41 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells To: Linus Torvalds , Edward Adam Davis , Pengfei Xu Cc: dhowells@redhat.com, Simon Horman , Markus Suvanto , Jeffrey E Altman , Marc Dionne , Wang Lei , Jeff Layton , Steve French , Jarkko Sakkinen , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , linux-afs@lists.infradead.org, keyrings@vger.kernel.org, linux-cifs@vger.kernel.org, linux-nfs@vger.kernel.org, ceph-devel@vger.kernel.org, netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] keys, dns: Fix size check of V1 server-list header Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <1850030.1704921100.1@warthog.procyon.org.uk> Content-Transfer-Encoding: quoted-printable Date: Wed, 10 Jan 2024 21:11:40 +0000 Message-ID: <1850031.1704921100@warthog.procyon.org.uk> X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.3 = Fix the size check added to dns_resolver_preparse() for the V1 server-list header so that it doesn't give EINVAL if the size supplied is the same as the size of the header struct (which should be valid). This can be tested with: echo -n -e '\0\0\01\xff\0\0' | keyctl padd dns_resolver desc @p which will give "add_key: Invalid argument" without this fix. Fixes: 1997b3cb4217 ("keys, dns: Fix missing size check of V1 server-list = header") Reported-by: Pengfei Xu Link: https://lore.kernel.org/r/ZZ4fyY4r3rqgZL+4@xpf.sh.intel.com/ Signed-off-by: David Howells cc: Edward Adam Davis cc: Linus Torvalds cc: Simon Horman Cc: Jarkko Sakkinen Cc: Jeffrey E Altman Cc: Wang Lei Cc: Jeff Layton Cc: Steve French Cc: Marc Dionne Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni --- net/dns_resolver/dns_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c index f18ca02aa95a..c42ddd85ff1f 100644 --- a/net/dns_resolver/dns_key.c +++ b/net/dns_resolver/dns_key.c @@ -104,7 +104,7 @@ dns_resolver_preparse(struct key_preparsed_payload *pr= ep) const struct dns_server_list_v1_header *v1; = /* It may be a server list. */ - if (datalen <=3D sizeof(*v1)) + if (datalen < sizeof(*v1)) return -EINVAL; = v1 =3D (const struct dns_server_list_v1_header *)data;