Skip to content

Commit 8fd61d3

Browse files
minipliherbertx
authored andcommitted
crypto: user - ensure user supplied strings are nul-terminated
To avoid misuse, ensure cru_name and cru_driver_name are always nul-terminated strings. Signed-off-by: Mathias Krause <[email protected]> Signed-off-by: Herbert Xu <[email protected]>
1 parent e336ed9 commit 8fd61d3

File tree

1 file changed

+14
-0
lines changed

1 file changed

+14
-0
lines changed

crypto/crypto_user.c

+14
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,8 @@
3030

3131
#include "internal.h"
3232

33+
#define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x))
34+
3335
static DEFINE_MUTEX(crypto_cfg_mutex);
3436

3537
/* The crypto netlink socket */
@@ -196,6 +198,9 @@ static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
196198
struct crypto_dump_info info;
197199
int err;
198200

201+
if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
202+
return -EINVAL;
203+
199204
if (!p->cru_driver_name[0])
200205
return -EINVAL;
201206

@@ -260,6 +265,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
260265
struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
261266
LIST_HEAD(list);
262267

268+
if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
269+
return -EINVAL;
270+
263271
if (priority && !strlen(p->cru_driver_name))
264272
return -EINVAL;
265273

@@ -287,6 +295,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
287295
struct crypto_alg *alg;
288296
struct crypto_user_alg *p = nlmsg_data(nlh);
289297

298+
if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
299+
return -EINVAL;
300+
290301
alg = crypto_alg_match(p, 1);
291302
if (!alg)
292303
return -ENOENT;
@@ -368,6 +379,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
368379
struct crypto_user_alg *p = nlmsg_data(nlh);
369380
struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
370381

382+
if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
383+
return -EINVAL;
384+
371385
if (strlen(p->cru_driver_name))
372386
exact = 1;
373387

0 commit comments

Comments
 (0)