matthias
/
iproute2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

tipc: bail out if algname is abnormally long 

tipc segfaults when called with an abnormally long algname:

$ tipc node set key 0x1234 algname supercalifragilistichespiralidososupercalifragilistichespiralidoso
*** buffer overflow detected ***: terminated

Fix this returning an error if provided algname is longer than
TIPC_AEAD_ALG_NAME.

Fixes: 24bee3bf97 ("tipc: add new commands to set TIPC AEAD key")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
This commit is contained in:
Andrea Claudi 2021-05-01 18:32:29 +02:00 committed by David Ahern
parent 459f280813
commit 93c267bfb4
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tipc/node.c
View File

@ -236,10 +236,15 @@ get_ops:
/* Get algorithm name, default: "gcm(aes)" */
opt_algname = get_opt(opts, "algname");
if (!opt_algname)
if (!opt_algname) {
strcpy(input.key.alg_name, "gcm(aes)");
else
} else {
if (strlen(opt_algname->val) > TIPC_AEAD_ALG_NAME) {
fprintf(stderr, "error, invalid algname\n");
return -EINVAL;
}
strcpy(input.key.alg_name, opt_algname->val);
}
/* Get node identity */
opt_nodeid = get_opt(opts, "nodeid");