From patchwork Tue Nov  7 05:57:26 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers <ebiggers3@gmail.com>
X-Patchwork-Id: 10045771
Return-Path: <ceph-devel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	9BDA96031B for <patchwork-ceph-devel@patchwork.kernel.org>;
	Tue,  7 Nov 2017 05:58:44 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 81DF829BC6
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Tue,  7 Nov 2017 05:58:44 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 75BA829E54; Tue,  7 Nov 2017 05:58:44 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1C85E29BC6
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Tue,  7 Nov 2017 05:58:44 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753857AbdKGF6f (ORCPT
	<rfc822;patchwork-ceph-devel@patchwork.kernel.org>);
	Tue, 7 Nov 2017 00:58:35 -0500
Received: from mail-pf0-f193.google.com ([209.85.192.193]:55231 "EHLO
	mail-pf0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753828AbdKGF6e (ORCPT
	<rfc822; ceph-devel@vger.kernel.org>); Tue, 7 Nov 2017 00:58:34 -0500
Received: by mail-pf0-f193.google.com with SMTP id n89so9553914pfk.11;
	Mon, 06 Nov 2017 21:58:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=KYziC0VnGfXMuFOSqz+FAa3iVN0d3SQYlAZkDR8a818=;
	b=JWI2+w7UI4MD9Zp44vhd/W+1TbiFZ7AdF1Yuj1zLRBLIBdORtiwHPQYhPEBL+4qEHr
	5fK2c7ztKloREPnvXTIaRPCNRb/PD1YtIapb27XxupFKEj90qMGheLyDOSHYm1iGJFyS
	4fngrZdyBxbPNBrWKCYkcpS7kfZXgebROTc6MVsgzWV8SZVnT+46kMkCBZQELQEfVY7Q
	y7onsyouiwSZAXxH8p2BknSVSVAe08PGTXusjRT9yiZVL2dQo5UDMIwbY03iBYkLhNFv
	1qqeg1qHxXWjXuNlQi0vuI0nicR8SMia/xH2SCWPf/x2Ol3dXCQABTQFXkF7EP0/PaYt
	xzuA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=KYziC0VnGfXMuFOSqz+FAa3iVN0d3SQYlAZkDR8a818=;
	b=G109Ytw5vtVDTw5YTCJshgeamSNIinZWxmprBj6L/qwkebi59xec0ErQMOSijH3eIW
	JUo6p1FMyBkkb+HKRztfLbP26DFJ5kt3csO9fAVIFncgDEROL39YluFFR9kcCwlpv/NB
	atROf28rgS6pM6RF6CuuC/h5YEvgGvFvEZsOzUZH4zqz8B5+xgJO+VWTe5PvqUs3DKbw
	Wlecid4uGy+mRZpNJxroSCu+PMm4qcZt/wxS/W4Kpqw7IZnQIrg8Ia6/lcWyshfA7rQa
	Wk5Fzkqj1NGDG2Owi1Wh0j/6d6gyjaH0lVILL+azOCEafi0lEIiC9D7IAQWVfShhF/d5
	11JA==
X-Gm-Message-State: AMCzsaUtu9eTqtAMuzJpZYfaYU5QGxlnThC2GTftbM2AB8ZdMyyTAZKd
	TC2yPtXUgI3OS5GQW+uKyls=
X-Google-Smtp-Source: 
 ABhQp+TyGlKPwRlXZUh9AuLj5KGfZEMu3HpwNuZvCSiB19ybqucAuulT6EH/zyqNy+7F/wLL814gvA==
X-Received: by 10.84.133.165 with SMTP id f34mr16943770plf.268.1510034313306;
	Mon, 06 Nov 2017 21:58:33 -0800 (PST)
Received: from zzz.hsd1.wa.comcast.net (c-67-185-97-198.hsd1.wa.comcast.net.
	[67.185.97.198]) by smtp.gmail.com with ESMTPSA id
	q73sm1098717pfl.146.2017.11.06.21.58.32
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 06 Nov 2017 21:58:32 -0800 (PST)
From: Eric Biggers <ebiggers3@gmail.com>
To: Ilya Dryomov <idryomov@gmail.com>, Yan Zheng <zyan@redhat.com>,
	Sage Weil <sage@redhat.com>, ceph-devel@vger.kernel.org
Cc: netdev@vger.kernel.org, keyrings@vger.kernel.org,
	Eric Biggers <ebiggers@google.com>, stable@vger.kernel.org
Subject: [PATCH] libceph: don't WARN() if user tries to add invalid key
Date: Mon,  6 Nov 2017 21:57:26 -0800
Message-Id: <20171107055726.28099-1-ebiggers3@gmail.com>
X-Mailer: git-send-email 2.15.0
Sender: ceph-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <ceph-devel.vger.kernel.org>
X-Mailing-List: ceph-devel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Eric Biggers <ebiggers@google.com>

The WARN_ON(!key->len) in set_secret() in net/ceph/crypto.c is hit if a
user tries to add a key of type "ceph" with an invalid payload as
follows (assuming CONFIG_CEPH_LIB=y):

    echo -e -n '\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \
	| keyctl padd ceph desc @s

This can be hit by fuzzers.  As this is merely bad input and not a
kernel bug, replace the WARN_ON() with return -EINVAL.

Fixes: 7af3ea189a9a ("libceph: stop allocating a new cipher on every crypto request")
Cc: <stable@vger.kernel.org> # v4.10+
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 net/ceph/crypto.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index 489610ac1cdd..bf9d079cbafd 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -37,7 +37,9 @@ static int set_secret(struct ceph_crypto_key *key, void *buf)
 		return -ENOTSUPP;
 	}
 
-	WARN_ON(!key->len);
+	if (!key->len)
+		return -EINVAL;
+
 	key->key = kmemdup(buf, key->len, GFP_NOIO);
 	if (!key->key) {
 		ret = -ENOMEM;