|
30 | 30 |
|
31 | 31 | #include "internal.h"
|
32 | 32 |
|
| 33 | +#define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x)) |
| 34 | + |
33 | 35 | static DEFINE_MUTEX(crypto_cfg_mutex);
|
34 | 36 |
|
35 | 37 | /* The crypto netlink socket */
|
@@ -196,6 +198,9 @@ static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
|
196 | 198 | struct crypto_dump_info info;
|
197 | 199 | int err;
|
198 | 200 |
|
| 201 | + if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) |
| 202 | + return -EINVAL; |
| 203 | + |
199 | 204 | if (!p->cru_driver_name[0])
|
200 | 205 | return -EINVAL;
|
201 | 206 |
|
@@ -260,6 +265,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
|
260 | 265 | struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
|
261 | 266 | LIST_HEAD(list);
|
262 | 267 |
|
| 268 | + if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) |
| 269 | + return -EINVAL; |
| 270 | + |
263 | 271 | if (priority && !strlen(p->cru_driver_name))
|
264 | 272 | return -EINVAL;
|
265 | 273 |
|
@@ -287,6 +295,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
|
287 | 295 | struct crypto_alg *alg;
|
288 | 296 | struct crypto_user_alg *p = nlmsg_data(nlh);
|
289 | 297 |
|
| 298 | + if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) |
| 299 | + return -EINVAL; |
| 300 | + |
290 | 301 | alg = crypto_alg_match(p, 1);
|
291 | 302 | if (!alg)
|
292 | 303 | return -ENOENT;
|
@@ -368,6 +379,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
|
368 | 379 | struct crypto_user_alg *p = nlmsg_data(nlh);
|
369 | 380 | struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
|
370 | 381 |
|
| 382 | + if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) |
| 383 | + return -EINVAL; |
| 384 | + |
371 | 385 | if (strlen(p->cru_driver_name))
|
372 | 386 | exact = 1;
|
373 | 387 |
|
|
0 commit comments