To avoid misuse, ensure cru_name and cru_driver_name are always
nul-terminated strings.

Signed-off-by: Mathias Krause <mini...@googlemail.com>
---
 crypto/crypto_user.c |   14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index 423a267..dfd511f 100644
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -30,6 +30,8 @@
 
 #include "internal.h"
 
+#define null_terminated(x)     (strnlen(x, sizeof(x)) < sizeof(x))
+
 static DEFINE_MUTEX(crypto_cfg_mutex);
 
 /* The crypto netlink socket */
@@ -196,6 +198,9 @@ static int crypto_report(struct sk_buff *in_skb, struct 
nlmsghdr *in_nlh,
        struct crypto_dump_info info;
        int err;
 
+       if (!null_terminated(p->cru_name) || 
!null_terminated(p->cru_driver_name))
+               return -EINVAL;
+
        if (!p->cru_driver_name[0])
                return -EINVAL;
 
@@ -260,6 +265,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct 
nlmsghdr *nlh,
        struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
        LIST_HEAD(list);
 
+       if (!null_terminated(p->cru_name) || 
!null_terminated(p->cru_driver_name))
+               return -EINVAL;
+
        if (priority && !strlen(p->cru_driver_name))
                return -EINVAL;
 
@@ -287,6 +295,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct 
nlmsghdr *nlh,
        struct crypto_alg *alg;
        struct crypto_user_alg *p = nlmsg_data(nlh);
 
+       if (!null_terminated(p->cru_name) || 
!null_terminated(p->cru_driver_name))
+               return -EINVAL;
+
        alg = crypto_alg_match(p, 1);
        if (!alg)
                return -ENOENT;
@@ -368,6 +379,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct 
nlmsghdr *nlh,
        struct crypto_user_alg *p = nlmsg_data(nlh);
        struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
 
+       if (!null_terminated(p->cru_name) || 
!null_terminated(p->cru_driver_name))
+               return -EINVAL;
+
        if (strlen(p->cru_driver_name))
                exact = 1;
 
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to