diff options
| author | Mathias Krause <minipli@googlemail.com> | 2013-02-05 12:19:15 -0500 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2013-02-19 07:27:04 -0500 |
| commit | 8fd61d34226014fe7886babfca6f45a7eff89d25 (patch) | |
| tree | f20387d290768d8989ddf9263f8757acdd8447fc /crypto | |
| parent | e336ed9647b06e3bb52995dbc51101cbdf39f2a2 (diff) | |
crypto: user - ensure user supplied strings are nul-terminated
To avoid misuse, ensure cru_name and cru_driver_name are always
nul-terminated strings.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/crypto_user.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c index 423a267022f4..dfd511fb39ee 100644 --- a/crypto/crypto_user.c +++ b/crypto/crypto_user.c | |||
| @@ -30,6 +30,8 @@ | |||
| 30 | 30 | ||
| 31 | #include "internal.h" | 31 | #include "internal.h" |
| 32 | 32 | ||
| 33 | #define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x)) | ||
| 34 | |||
| 33 | static DEFINE_MUTEX(crypto_cfg_mutex); | 35 | static DEFINE_MUTEX(crypto_cfg_mutex); |
| 34 | 36 | ||
| 35 | /* The crypto netlink socket */ | 37 | /* The crypto netlink socket */ |
| @@ -196,6 +198,9 @@ static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh, | |||
| 196 | struct crypto_dump_info info; | 198 | struct crypto_dump_info info; |
| 197 | int err; | 199 | int err; |
| 198 | 200 | ||
| 201 | if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) | ||
| 202 | return -EINVAL; | ||
| 203 | |||
| 199 | if (!p->cru_driver_name[0]) | 204 | if (!p->cru_driver_name[0]) |
| 200 | return -EINVAL; | 205 | return -EINVAL; |
| 201 | 206 | ||
| @@ -260,6 +265,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 260 | struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; | 265 | struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; |
| 261 | LIST_HEAD(list); | 266 | LIST_HEAD(list); |
| 262 | 267 | ||
| 268 | if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) | ||
| 269 | return -EINVAL; | ||
| 270 | |||
| 263 | if (priority && !strlen(p->cru_driver_name)) | 271 | if (priority && !strlen(p->cru_driver_name)) |
| 264 | return -EINVAL; | 272 | return -EINVAL; |
| 265 | 273 | ||
| @@ -287,6 +295,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 287 | struct crypto_alg *alg; | 295 | struct crypto_alg *alg; |
| 288 | struct crypto_user_alg *p = nlmsg_data(nlh); | 296 | struct crypto_user_alg *p = nlmsg_data(nlh); |
| 289 | 297 | ||
| 298 | if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) | ||
| 299 | return -EINVAL; | ||
| 300 | |||
| 290 | alg = crypto_alg_match(p, 1); | 301 | alg = crypto_alg_match(p, 1); |
| 291 | if (!alg) | 302 | if (!alg) |
| 292 | return -ENOENT; | 303 | return -ENOENT; |
| @@ -368,6 +379,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 368 | struct crypto_user_alg *p = nlmsg_data(nlh); | 379 | struct crypto_user_alg *p = nlmsg_data(nlh); |
| 369 | struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; | 380 | struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; |
| 370 | 381 | ||
| 382 | if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) | ||
| 383 | return -EINVAL; | ||
| 384 | |||
| 371 | if (strlen(p->cru_driver_name)) | 385 | if (strlen(p->cru_driver_name)) |
| 372 | exact = 1; | 386 | exact = 1; |
| 373 | 387 | ||