From: Eric Biggers Date: Tue, 7 Nov 2017 05:57:26 +0000 (-0800) Subject: libceph: don't WARN() if user tries to add invalid key X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=b11270853fa3654f08d4a6a03b23ddb220512d8d;p=linux.git libceph: don't WARN() if user tries to add invalid key The WARN_ON(!key->len) in set_secret() in net/ceph/crypto.c is hit if a user tries to add a key of type "ceph" with an invalid payload as follows (assuming CONFIG_CEPH_LIB=y): echo -e -n '\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \ | keyctl padd ceph desc @s This can be hit by fuzzers. As this is merely bad input and not a kernel bug, replace the WARN_ON() with return -EINVAL. Fixes: 7af3ea189a9a ("libceph: stop allocating a new cipher on every crypto request") Cc: # v4.10+ Signed-off-by: Eric Biggers Reviewed-by: Ilya Dryomov Signed-off-by: Ilya Dryomov --- diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c index 489610ac1cdda..bf9d079cbafd6 100644 --- a/net/ceph/crypto.c +++ b/net/ceph/crypto.c @@ -37,7 +37,9 @@ static int set_secret(struct ceph_crypto_key *key, void *buf) return -ENOTSUPP; } - WARN_ON(!key->len); + if (!key->len) + return -EINVAL; + key->key = kmemdup(buf, key->len, GFP_NOIO); if (!key->key) { ret = -ENOMEM;