diff options
| author | Ilya Dryomov <idryomov@gmail.com> | 2025-07-04 17:30:50 +0300 |
|---|---|---|
| committer | Ilya Dryomov <idryomov@gmail.com> | 2026-02-09 14:29:21 +0300 |
| commit | ac431d597a9bdfc2ba6b314813f29a6ef2b4a3bf (patch) | |
| tree | 3d8cd1c3581ea0eb7195307c38a81b50b136186f | |
| parent | 05f7e89ab9731565d8a62e3b5d1ec206485eeb0b (diff) | |
| download | linux-ac431d597a9bdfc2ba6b314813f29a6ef2b4a3bf.tar.xz | |
libceph: define and enforce CEPH_MAX_KEY_LEN
When decoding the key, verify that the key material would fit into
a fixed-size buffer in process_auth_done() and generally has a sane
length.
The new CEPH_MAX_KEY_LEN check replaces the existing check for a key
with no key material which is a) not universal since CEPH_CRYPTO_NONE
has to be excluded and b) doesn't provide much value since a smaller
than needed key is just as invalid as no key -- this has to be handled
elsewhere anyway.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
| -rw-r--r-- | net/ceph/crypto.c | 8 | ||||
| -rw-r--r-- | net/ceph/crypto.h | 2 | ||||
| -rw-r--r-- | net/ceph/messenger_v2.c | 2 |
3 files changed, 7 insertions, 5 deletions
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c index 01b2ce1e8fc0..5601732cf4fa 100644 --- a/net/ceph/crypto.c +++ b/net/ceph/crypto.c @@ -37,9 +37,6 @@ static int set_secret(struct ceph_crypto_key *key, void *buf) return -ENOTSUPP; } - if (!key->len) - return -EINVAL; - key->key = kmemdup(buf, key->len, GFP_NOIO); if (!key->key) { ret = -ENOMEM; @@ -83,6 +80,11 @@ int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end) ceph_decode_copy(p, &key->created, sizeof(key->created)); key->len = ceph_decode_16(p); ceph_decode_need(p, end, key->len, bad); + if (key->len > CEPH_MAX_KEY_LEN) { + pr_err("secret too big %d\n", key->len); + return -EINVAL; + } + ret = set_secret(key, *p); memzero_explicit(*p, key->len); *p += key->len; diff --git a/net/ceph/crypto.h b/net/ceph/crypto.h index 23de29fc613c..a20bad6d1e96 100644 --- a/net/ceph/crypto.h +++ b/net/ceph/crypto.h @@ -5,7 +5,7 @@ #include <linux/ceph/types.h> #include <linux/ceph/buffer.h> -#define CEPH_KEY_LEN 16 +#define CEPH_MAX_KEY_LEN 16 #define CEPH_MAX_CON_SECRET_LEN 64 /* diff --git a/net/ceph/messenger_v2.c b/net/ceph/messenger_v2.c index c9d50c0dcd33..31e042dc1b3f 100644 --- a/net/ceph/messenger_v2.c +++ b/net/ceph/messenger_v2.c @@ -2360,7 +2360,7 @@ bad: */ static int process_auth_done(struct ceph_connection *con, void *p, void *end) { - u8 session_key_buf[CEPH_KEY_LEN + 16]; + u8 session_key_buf[CEPH_MAX_KEY_LEN + 16]; u8 con_secret_buf[CEPH_MAX_CON_SECRET_LEN + 16]; u8 *session_key = PTR_ALIGN(&session_key_buf[0], 16); u8 *con_secret = PTR_ALIGN(&con_secret_buf[0], 16); |