On 2024-01-10 at 10:14:28 +0000, David Howells wrote:
> Pengfei Xu <pengfei.xu@xxxxxxxxx> wrote:
>
> > Bisected info between v6.7-rc7(keyctl05 passed) and v6.7-rc8(keyctl05 failed)
> > is in attached.
> >
> > keyctl05 failed in add_key with type "dns_resolver" syscall step tracked
> > by strace:
> > "
> > [pid 863107] add_key("dns_resolver", "desc", "\0\0\1\377\0", 5, KEY_SPEC_SESSION_KEYRING <unfinished ...>
> > [pid 863106] <... alarm resumed>) = 30
> > [pid 863107] <... add_key resumed>) = -1 EINVAL (Invalid argument)
> > "
>
> It should fail as the payload is actually invalid. The payload specifies a
> version 1 format - and that requires a 6-byte header. The bug the patched
> fixes is that whilst there is a length check for the basic 3-byte header,
> there was no length check for the extended v1 header.
Thanks for description!
>
> > After increased the dns_res_payload to 7 bytes(6 bytes was still failed),
>
> The following doesn't work for you?
>
> echo -n -e '\0\0\01\xff\0\0' | keyctl padd dns_resolver desc @p
I tried as follows, 6 bytes failed and 7 bytes passed:
"
# echo -n -e '\0\0\01\xff\0\0' | keyctl padd dns_resolver desc @p
add_key: Invalid argument
# echo -n -e '\0\0\01\xff\0\0\0' | keyctl padd dns_resolver desc @p
74678921
# uname -r
6.7.0-rc8
"
Thanks!
>
> David
>
