summaryrefslogtreecommitdiff
path: root/security/keys/trusted.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2014-12-02 01:52:45 +0300
committerDavid Howells <dhowells@redhat.com>2014-12-02 01:52:45 +0300
commitaa9d4437893f7e015ce5b6d6c443a9ba92c8a2e7 (patch)
tree40cb7d4a6ff0b231a10cf7e51c8a8b24a7f3cd45 /security/keys/trusted.c
parent009d0431c3914de64666bec0d350e54fdd59df6a (diff)
downloadlinux-aa9d4437893f7e015ce5b6d6c443a9ba92c8a2e7.tar.xz
KEYS: Fix the size of the key description passed to/from userspace
When a key description argument is imported into the kernel from userspace, as happens in add_key(), request_key(), KEYCTL_JOIN_SESSION_KEYRING, KEYCTL_SEARCH, the description is copied into a buffer up to PAGE_SIZE in size. PAGE_SIZE, however, is a variable quantity, depending on the arch. Fix this at 4096 instead (ie. 4095 plus a NUL termination) and define a constant (KEY_MAX_DESC_SIZE) to this end. When reading the description back with KEYCTL_DESCRIBE, a PAGE_SIZE internal buffer is allocated into which the information and description will be rendered. This means that the description will get truncated if an extremely long description it has to be crammed into the buffer with the stringified information. There is no particular need to copy the description into the buffer, so just copy it directly to userspace in a separate operation. Reported-by: Christian Kastner <debian@kvr.at> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Christian Kastner <debian@kvr.at>
Diffstat (limited to 'security/keys/trusted.c')
0 files changed, 0 insertions, 0 deletions