iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Eric Biggers a1e25420a4 libceph: don't WARN() if user tries to add invalid key 
commit b11270853fa3654f08d4a6a03b23ddb220512d8d upstream.

The WARN_ON(!key->len) in set_secret() in net/ceph/crypto.c is hit if a
user tries to add a key of type "ceph" with an invalid payload as
follows (assuming CONFIG_CEPH_LIB=y):

    echo -e -n '\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \
	| keyctl padd ceph desc @s

This can be hit by fuzzers.  As this is merely bad input and not a
kernel bug, replace the WARN_ON() with return -EINVAL.

Fixes: 7af3ea189a9a ("libceph: stop allocating a new cipher on every crypto request")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-30 08:39:03 +00:00
..
6lowpan
6lowpan: ndisc: no overreact if no short address is available
2016-09-19 20:19:34 +02:00
9p
p9_client_readdir() fix
2017-05-03 08:36:38 -07:00
802
8021q
vlan: fix a use-after-free in vlan_device_event()
2017-11-24 08:33:41 +01:00
appletalk
appletalk: use IS_ENABLED() instead of checking for built-in or module
2016-09-10 21:19:10 -07:00
atm
lec: use IS_ENABLED() instead of checking for built-in or module
2016-09-10 21:19:10 -07:00
ax25
ax25: Fix segfault after sock connection timeout
2017-02-04 09:47:09 +01:00
batman-adv
batman-adv: Check for alloc errors when preparing TT local data
2016-12-02 10:46:59 +01:00
bluetooth
Bluetooth: Properly check L2CAP config option output buffer length
2017-09-13 14:13:36 -07:00
bridge
bridge: netlink: register netdevice before executing changelink
2017-10-08 10:26:08 +02:00
caif
net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
2017-07-05 14:40:14 +02:00
can
can: Fix kernel panic at security_sock_rcv_skb
2017-02-18 15:11:40 +01:00
ceph
libceph: don't WARN() if user tries to add invalid key
2017-11-30 08:39:03 +00:00
core
netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
2017-11-24 08:33:40 +01:00
dcb
net: dcb: set error code on failures
2016-12-03 23:54:25 -05:00
dccp
tcp/dccp: fix other lockdep splats accessing ireq_opt
2017-11-18 11:22:22 +01:00
decnet
decnet: always not take dst->__refcnt when inserting dst into hash table
2017-07-05 14:40:16 +02:00
dns_resolver
KEYS: Fix race between updating and finding a negative key
2017-10-27 10:38:11 +02:00
dsa
net: dsa: select NET_SWITCHDEV
2017-11-15 15:53:17 +01:00
ethernet
net: introduce device min_header_len
2017-02-18 15:11:43 +01:00
hsr
net/hsr: Remove unused but set variable
2016-10-18 10:28:18 -04:00
ieee802154
Revert "net: fix percpu memory leaks"
2017-09-20 08:19:55 +02:00
ipv4
tcp: do not mangle skb->cb[] in tcp_make_synack()
2017-11-24 08:33:40 +01:00
ipv6
ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER
2017-11-30 08:39:01 +00:00
ipx
ipx: call ipxitf_put() in ioctl error path
2017-05-25 15:44:41 +02:00
irda
irda: do not leak initialized list.dev to userspace
2017-08-30 10:21:42 +02:00
iucv
net/af_iucv: don't use paged skbs for TX on HiperSockets
2017-01-19 20:18:04 +01:00
kcm
kcm: do not attach PF_KCM sockets to avoid deadlock
2017-09-20 08:19:55 +02:00
key
af_key: do not use GFP_KERNEL in atomic contexts
2017-08-30 10:21:38 +02:00
l2tp
l2tp: check ps->sock before running pppol2tp_session_ioctl()
2017-11-18 11:22:21 +01:00
l3mdev
net: ipv6: Remove l3mdev_get_saddr6
2016-09-10 23:12:53 -07:00
lapb
net/lapb: tuse %*ph to dump buffers
2016-05-29 22:33:25 -07:00
llc
net/llc: avoid BUG_ON() in skb_orphan()
2017-02-26 11:10:50 +01:00
mac80211
mac80211: don't compare TKIP TX MIC key in reinstall prevention
2017-11-18 11:22:24 +01:00
mac802154
mac802154: use rate limited warnings for malformed frames
2016-09-19 20:19:34 +02:00
mpls
mpls: Do not decrement alive counter for unregister events
2017-03-22 12:43:34 +01:00
ncsi
net/ncsi: Improve HNCDSC AEN handler
2016-10-20 11:23:08 -04:00
netfilter
netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable"
2017-11-18 11:22:24 +01:00
netlabel
netlabel: Implement CALIPSO config functions for SMACK.
2016-06-27 15:06:18 -04:00
netlink
af_netlink: ensure that NLMSG_DONE never fails in dumps
2017-11-24 08:33:41 +01:00
netrom
nfc
NFC: Add sockaddr length checks before accessing sa_family in bind handlers
2017-07-27 15:07:56 -07:00
openvswitch
openvswitch: fix skb_panic due to the incorrect actions attrlen
2017-08-30 10:21:40 +02:00
packet
packet: avoid panic in packet_getsockopt()
2017-11-18 11:22:22 +01:00
phonet
qrtr
Merge tag 'qcom-soc-for-4.7-2' into net-next
2016-05-17 14:11:19 -04:00
rds
rds: ib: add error handle
2017-10-08 10:26:10 +02:00
rfkill
rose
rose: limit sk_filter trim to payload
2016-07-13 11:53:40 -07:00
rxrpc
rxrpc: Fix several cases where a padded len isn't checked in ticket decode
2017-06-29 13:00:31 +02:00
sched
net_sched: avoid matching qdisc with zero handle
2017-11-18 11:22:23 +01:00
sctp
net/sctp: Always set scope_id in sctp_inet6_skb_msgname
2017-11-24 08:33:41 +01:00
strparser
strparser: destroy workqueue on module exit
2017-03-22 12:43:33 +01:00
sunrpc
NFSv4: Fix callback server shutdown
2017-09-27 14:39:18 +02:00
switchdev
switchdev: Execute bridge ndos only for bridge ports
2016-10-19 10:58:04 -04:00
tipc
tipc: use only positive error codes in messages
2017-10-12 11:51:23 +02:00
unix
net/unix: don't show information about sockets from other namespaces
2017-11-18 11:22:22 +01:00
vmw_vsock
vsock: use new wait API for vsock_stream_sendmsg()
2017-11-30 08:39:01 +00:00
wimax
wireless
cfg80211: fix connect/disconnect edge cases
2017-11-02 09:49:15 +01:00
x25
net: x25: remove null checks on arrays calling_ae and called_ae
2016-09-09 18:13:30 -07:00
xfrm
ipsec: Fix aborted xfrm policy dump crash
2017-11-02 09:49:15 +01:00
compat.c
audit: log 32-bit socketcalls
2017-10-08 10:26:06 +02:00
Kconfig
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
Makefile
strparser: Stream parser for messages
2016-08-17 19:36:23 -04:00
socket.c
net: socket: fix recvmmsg not returning error from sock_error
2017-02-26 11:10:51 +01:00
sysctl_net.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2016-10-06 09:52:23 -07:00