summaryrefslogtreecommitdiff
path: root/net/ncsi/ncsi-manage.c
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2018-04-17 00:29:22 +0300
committerDavid S. Miller <davem@davemloft.net>2018-04-17 20:42:58 +0300
commitc210f7b411790ee0fc4252547d645c5d8648adc5 (patch)
tree965500d01e87df8c69c28e582efa98e2958013bf /net/ncsi/ncsi-manage.c
parente3c1917e45d030411888285f56c9d42e7472cb1f (diff)
downloadlinux-c210f7b411790ee0fc4252547d645c5d8648adc5.tar.xz
KEYS: DNS: limit the length of option strings
Adding a dns_resolver key whose payload contains a very long option name resulted in that string being printed in full. This hit the WARN_ONCE() in set_precision() during the printk(), because printk() only supports a precision of up to 32767 bytes: precision 1000000 too large WARNING: CPU: 0 PID: 752 at lib/vsprintf.c:2189 vsnprintf+0x4bc/0x5b0 Fix it by limiting option strings (combined name + value) to a much more reasonable 128 bytes. The exact limit is arbitrary, but currently the only recognized option is formatted as "dnserror=%lu" which fits well within this limit. Also ratelimit the printks. Reproducer: perl -e 'print "#", "A" x 1000000, "\x00"' | keyctl padd dns_resolver desc @s This bug was found using syzkaller. Reported-by: Mark Rutland <mark.rutland@arm.com> Fixes: 4a2d789267e0 ("DNS: If the DNS server returns an error, allow that to be cached [ver #2]") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ncsi/ncsi-manage.c')
0 files changed, 0 insertions, 0 deletions