Re: [PATCH] keys, dns: Fix missing size check of V1 server-list header

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Pengfei Xu <pengfei.xu@xxxxxxxxx> wrote:

>   Bisected info between v6.7-rc7(keyctl05 passed) and v6.7-rc8(keyctl05 failed)
> is in attached.
> 
> keyctl05 failed in add_key with type "dns_resolver" syscall step tracked
> by strace:
> "
> [pid 863107] add_key("dns_resolver", "desc", "\0\0\1\377\0", 5, KEY_SPEC_SESSION_KEYRING <unfinished ...>
> [pid 863106] <... alarm resumed>)       = 30
> [pid 863107] <... add_key resumed>)     = -1 EINVAL (Invalid argument)
> "

It should fail as the payload is actually invalid.  The payload specifies a
version 1 format - and that requires a 6-byte header.  The bug the patched
fixes is that whilst there is a length check for the basic 3-byte header,
there was no length check for the extended v1 header.

> After increased the dns_res_payload to 7 bytes(6 bytes was still failed),

The following doesn't work for you?

	echo -n -e '\0\0\01\xff\0\0' | keyctl padd dns_resolver desc @p

David






[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux