enforce max key->len

diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index 01b2ce1e8fc06eec7cfdc2aa9c6cde5398a40fc3..5601732cf4faa810253a153302a9dc0662884725 100644 (file)
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -37,9 +37,6 @@ static int set_secret(struct ceph_crypto_key *key, void *buf)
                return -ENOTSUPP;
        }
 
-       if (!key->len)
-               return -EINVAL;
-
        key->key = kmemdup(buf, key->len, GFP_NOIO);
        if (!key->key) {
                ret = -ENOMEM;
@@ -83,6 +80,11 @@ int ceph_crypto_key_decode(struct ceph_crypto_key *key, void **p, void *end)
        ceph_decode_copy(p, &key->created, sizeof(key->created));
        key->len = ceph_decode_16(p);
        ceph_decode_need(p, end, key->len, bad);
+       if (key->len > CEPH_MAX_KEY_LEN) {
+               pr_err("secret too big %d\n", key->len);
+               return -EINVAL;
+       }
+
        ret = set_secret(key, *p);
        memzero_explicit(*p, key->len);
        *p += key->len;

diff --git a/net/ceph/crypto.h b/net/ceph/crypto.h
index 23de29fc613cf1909096c222cdda1d3e10ad2d0a..a20bad6d1e964a8ad51fa1633aaa9a903d11e2ac 100644 (file)
--- a/net/ceph/crypto.h
+++ b/net/ceph/crypto.h
@@ -5,7 +5,7 @@
 #include <linux/ceph/types.h>
 #include <linux/ceph/buffer.h>
 
-#define CEPH_KEY_LEN                   16
+#define CEPH_MAX_KEY_LEN               16
 #define CEPH_MAX_CON_SECRET_LEN                64
 
 /*

diff --git a/net/ceph/messenger_v2.c b/net/ceph/messenger_v2.c
index c9d50c0dcd33a6c21c84004b797da53cc545f120..31e042dc1b3f25c4d7bacedf83b9e827240f568e 100644 (file)
--- a/net/ceph/messenger_v2.c
+++ b/net/ceph/messenger_v2.c
@@ -2360,7 +2360,7 @@ bad:
  */
 static int process_auth_done(struct ceph_connection *con, void *p, void *end)
 {
-       u8 session_key_buf[CEPH_KEY_LEN + 16];
+       u8 session_key_buf[CEPH_MAX_KEY_LEN + 16];
        u8 con_secret_buf[CEPH_MAX_CON_SECRET_LEN + 16];
        u8 *session_key = PTR_ALIGN(&session_key_buf[0], 16);
        u8 *con_secret = PTR_ALIGN(&con_secret_buf[0], 16);