Received: by 2002:a05:7412:7c14:b0:fa:6e18:a558 with SMTP id ii20csp250822rdb; Mon, 22 Jan 2024 03:05:03 -0800 (PST) X-Google-Smtp-Source: AGHT+IEKN5byIfgyvi8HKHSQRJY/USPmwQ+iQQvTFRkNgY171YL1fowPcOnqC26yLEFdAup/7ImF X-Received: by 2002:a05:622a:198b:b0:42a:3263:2a42 with SMTP id u11-20020a05622a198b00b0042a32632a42mr5181351qtc.25.1705921502977; Mon, 22 Jan 2024 03:05:02 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705921502; cv=pass; d=google.com; s=arc-20160816; b=l00RfPphVYfgh601Jr5qhKqCNlUuZZuQo1EfWtgmpn4Wgant3i6CiJ/WDaqUx8HLkw AtXBxQzPDKXc1n+VZPFbuscAJH2We3yAYywq3oA91Pz9mIVHqqQvGvqBVzF8AY4hN0Cj VKuGG9KI0/a6jbXNHd29JxNhbadr0MjhfBKlDPwnu1Xh65aVIg5Y6+q6BwL/IUFHyfbo MKxOYOO5KqzOxG/zleU2hO0OtoVwDm82+ZFjo3KxHY2rwd1Oj0sbQvTQa2mS0Jm18SqQ kVsoGKGAP86lcraePpuOs7UXcR+REeWW0pfFzFQRThtV1XFcjB3ush5VzAPECJS3aP3G PpwQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :reply-to:in-reply-to:references:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:dkim-signature; bh=XEM8HK9MzMAP7SMXuKJPDZgtk2XEhhSMXfxWrnbRBa0=; fh=U1VNt8caEDm7/68XFvZG1PBSYBEyY40HSyOpzht67do=; b=GFqt2jRmLjbau84XdZPGVQ8SaaELwTbQSPZ0J2ys6IrRrwf6MJZEVBdkd/iKRLrZ0c fSZVR+H6yps1JWpIzie5wCbyKbChWgowINRWjfyappALLkCs6h5gdTu+ZXB6OY8QJ1y+ SOpSNjHCkMsOouJt961OG2j67YsILDRUvYly2xYKnsSviybUAsPDLLzlgfPQRlpXfbW1 GGfWjHGQUaigrgo4jTzRn0kyOVuMLjSf+1snZ74I7wRn/LTNQfFormxATz4O72Ji5iAl a/y3lkS3cquAydCSAJrEhNUdJZgNlWvkyDiIfm+o+dNET2mUtVVvUFy2AAoIZqWLM7fJ MjtA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=T7Kuibwb; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-nfs+bounces-1218-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-nfs+bounces-1218-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id s9-20020a05622a018900b0042a4622deb1si446475qtw.795.2024.01.22.03.05.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Jan 2024 03:05:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs+bounces-1218-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=T7Kuibwb; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-nfs+bounces-1218-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-nfs+bounces-1218-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 050AD1C261B3 for ; Mon, 22 Jan 2024 11:02:34 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 33A193A8C2; Mon, 22 Jan 2024 11:02:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="T7Kuibwb" X-Original-To: linux-nfs@vger.kernel.org Received: from mail-lf1-f49.google.com (mail-lf1-f49.google.com [209.85.167.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4A0153A27B; Mon, 22 Jan 2024 11:02:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.49 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705921343; cv=none; b=jaVFNgQbGWXck2PIpES4CuQ5BteoAWeyI5TAkfH6guxeyWQKReNPwlK52OTuLyGLNYXr5bgHMV5AlLY5c4YXYTxCSo7t1hb8lidnWbF17quJLP5XjHDfxZSNIwY7iWmZYPfqUbDjQV6+om55H8sj6X/TC6Z0HfI3M9AYX/aXHAE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705921343; c=relaxed/simple; bh=8gUsGOjD9YP0iDHyZAGJHZMPpDKBiz7lZX9fJx+/4G0=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=pMGZKkO+Wi07XljWadnvsFqpXajyKUgywxFKu0BitbqAQ24cxCWEIMuSK+zWem8u7WKgJICx3loV5KI7HJj2qoTZQ6/YYVChdwU8+n2zXNAT9Xk3cCJTvNYSztU6kQgCZgirPk6ugq2EPdCdo2t2tz4/ZqebLRuFxpQ6bjog5Tg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=T7Kuibwb; arc=none smtp.client-ip=209.85.167.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-lf1-f49.google.com with SMTP id 2adb3069b0e04-50eabbc3dccso3570815e87.2; Mon, 22 Jan 2024 03:02:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705921338; x=1706526138; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :reply-to:in-reply-to:references:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=XEM8HK9MzMAP7SMXuKJPDZgtk2XEhhSMXfxWrnbRBa0=; b=T7KuibwbwocLAL6YfitQzuS+Zgpfo86G3GlFYE0T2YHlIooCJV5EqSboxJmGSIiKn0 yc8C5vupj8hWxv/MYAJpOhb0f2oMDxPxEep+3jhJoq18JgXUvWjkOdwcuEHUZ0s7w4FC k6/kN2DW0OpvgG3GJnFbm0AdPupBNEnRCpDI8Gr7tsK02Db8352+ocp86DGrFNLgW6Zk 1NMu1UEJdBf7EIcbZdDsKNUn1E65CZdZNFxeNJx4ncOMWKcmmtMI5hfFvtcfctAHs9h5 RiMgew2W/jRm36Z76oBjr5P/JFGOlZCu3j4r0tP4eu6XD61RkaQGKilGETnHteD/5zkp zwMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705921338; x=1706526138; h=content-transfer-encoding:cc:to:subject:message-id:date:from :reply-to:in-reply-to:references:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=XEM8HK9MzMAP7SMXuKJPDZgtk2XEhhSMXfxWrnbRBa0=; b=Ny1crkLzIgskOJ25MfuM/6fEX2VDWtBfYjgqb0+jwR1OVRaAwGveWXNH74+ufkee8s qg5CEmsrho5+zQsYcBYCG+3Ypw4nSOOcXBOjvSiPuiErit8aZTQrN00wI6ccPl5Itwe+ utD28Hj244uCdBuCeafS4ItYwjvdOsJ9Dsqti6ysMQW3AWuEhpJK3/kmuE5n4ontT/p0 Cr001taRh47690SLxei0ukgeHZsc+4/2e3JHp/y0E0QpK2cijUmOX/59cZbo7PQqXl0t 6Yn4C9eibe48w0HdgxIAiEr2w5cxHWinXfoo01K6LuTUl16y9Id5Dn5yYrLMb/GFVb0e spJg== X-Gm-Message-State: AOJu0Yz5wzHkeAHH1VxNpSQ39pkcW3nbp3pVc53NliGw4dN+X5etEghG tvxYPFk0v6BPnO0L+VQLFqMeIbdYg7DHYF+1KYXHuMd4zVISTHjJeB9qlZHrvguLKisJVaipSZB exRTSLj1QODiGuFGyVqMLl1eVm/o= X-Received: by 2002:ac2:5e76:0:b0:50e:7b34:c18a with SMTP id a22-20020ac25e76000000b0050e7b34c18amr620208lfr.111.1705921337901; Mon, 22 Jan 2024 03:02:17 -0800 (PST) Precedence: bulk X-Mailing-List: linux-nfs@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <1850031.1704921100@warthog.procyon.org.uk> In-Reply-To: Reply-To: sedat.dilek@gmail.com From: Sedat Dilek Date: Mon, 22 Jan 2024 12:01:41 +0100 Message-ID: Subject: Re: [PATCH] keys, dns: Fix size check of V1 server-list header To: sedat.dilek@gmail.com Cc: David Howells , ceph-devel@vger.kernel.org, davem@davemloft.net, eadavis@qq.com, edumazet@google.com, horms@kernel.org, jaltman@auristor.com, jarkko@kernel.org, jlayton@redhat.com, keyrings@vger.kernel.org, kuba@kernel.org, linux-afs@lists.infradead.org, linux-cifs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org, marc.dionne@auristor.com, markus.suvanto@gmail.com, netdev@vger.kernel.org, pabeni@redhat.com, pengfei.xu@intel.com, smfrench@gmail.com, stable@vger.kernel.org, torvalds@linux-foundation.org, wang840925@gmail.com, sashal@kernel.org, gregkh@linuxfoundation.org, pvorel@suse.cz Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Jan 22, 2024 at 8:33=E2=80=AFAM Petr Vorel wrote: > > From: Sedat Dilek > > On Wed, Jan 10, 2024 at 10:12=E2=80=AFPM David Howells wrote: > > > > > > Fix the size check added to dns_resolver_preparse() for the V1 server-l= ist > > header so that it doesn't give EINVAL if the size supplied is the same = as > > the size of the header struct (which should be valid). > > > > This can be tested with: > > > > echo -n -e '\0\0\01\xff\0\0' | keyctl padd dns_resolver desc @p > > > > which will give "add_key: Invalid argument" without this fix. > > > > Fixes: 1997b3cb4217 ("keys, dns: Fix missing size check of V1 server-li= st header") > > [ CC stable@vger.kernel.org ] > > Your (follow-up) patch is now upstream. > > https://git.kernel.org/linus/acc657692aed438e9931438f8c923b2b107aebf9 > > This misses CC: Stable Tag as suggested by Linus. > > Looks like linux-6.1.y and linux-6.6.y needs it, too. > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?= h=3Dv6.6.11&id=3Dda89365158f6f656b28bcdbcbbe9eaf97c63c474 > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?= h=3Dv6.1.72&id=3D079eefaecfd7bbb8fcc30eccb0dfdf50c91f1805 > > BG, > -Sedat- > > Hi Greg, Sasa, > > could you please add this also to linux-6.1.y and linux-6.6.y? (Easily > applicable to both, needed for both.) Or is there any reason why it's not > being added? > Great! I forgot to CC Greg and Sasha directly. Thanks. BG, -Sedat- > Kind regards, > Petr > > > Reported-by: Pengfei Xu > > Link: https://lore.kernel.org/r/ZZ4fyY4r3rqgZL+4@xpf.sh.intel.com/ > > Signed-off-by: David Howells > > cc: Edward Adam Davis > > cc: Linus Torvalds > > cc: Simon Horman > > Cc: Jarkko Sakkinen > > Cc: Jeffrey E Altman > > Cc: Wang Lei > > Cc: Jeff Layton > > Cc: Steve French > > Cc: Marc Dionne > > Cc: "David S. Miller" > > Cc: Eric Dumazet > > Cc: Jakub Kicinski > > Cc: Paolo Abeni > > --- > > net/dns_resolver/dns_key.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c > > index f18ca02aa95a..c42ddd85ff1f 100644 > > --- a/net/dns_resolver/dns_key.c > > +++ b/net/dns_resolver/dns_key.c > > @@ -104,7 +104,7 @@ dns_resolver_preparse(struct key_preparsed_payload = *prep) > > const struct dns_server_list_v1_header *v1; > > > > /* It may be a server list. */ > > - if (datalen <=3D sizeof(*v1)) > > + if (datalen < sizeof(*v1)) > > return -EINVAL; > > > > v1 =3D (const struct dns_server_list_v1_header *)data; > > > > >