From patchwork Thu Dec 14 14:33:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Edward Adam Davis X-Patchwork-Id: 13493144 X-Patchwork-Delegate: kuba@kernel.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="wHSXkGth" Received: from out203-205-221-242.mail.qq.com (out203-205-221-242.mail.qq.com [203.205.221.242]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 34EEC85 for ; Thu, 14 Dec 2023 06:33:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512; t=1702564407; bh=H3iNTZBNvgXdZhYRXpFWoMYuroegG1F/IhVpJB+1qRc=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=wHSXkGthwvcYro9QF2rjzza+IstFulZ7dyZbQp3oUe/ullbIVqMI6RAmkcFxa1Js7 LvGDmqvRpbAhaGA/aNdJcBCdJECjhf7uAeQl/2HBLZjk2YBfj9aw0Srf9yihsH91OG RSnS5ZCLynydB+BVJ/LagXKd9FVUs1LEL9VSD13o= Received: from pek-lxu-l1.wrs.com ([111.198.225.215]) by newxmesmtplogicsvrszc5-0.qq.com (NewEsmtp) with SMTP id 8568D4F3; Thu, 14 Dec 2023 22:33:22 +0800 X-QQ-mid: xmsmtpt1702564402tglr1se4s Message-ID: X-QQ-XMAILINFO: OJVlX7oey6I0WONnjsPxacehnbgXyP7N3XwoWA38eqchNHms7zPovzaIUlEICL nbTMJAndYQX48YKUzJ5GGr9kwfkfxcpDAkxdXumrgxUfGWI1uspM2i2/bNX/leV7IiQitlzc5Ayc lTznkyTXIO9mYtGsmgNpzIxla3A63cKnNq+n4GcubkxEAX/j0xY3+a6z197gwLhXo6566ZzH4MgV krSex17eOLX9urtRGs5q4XNBPeBNfr1hltIBjvnczCgzrUhE8m/ABFEbtr2ARoRTLJBZrSd3IirS 1omk8a5i0s8F+vxlD73EZV0udH/2oB6uZJuBJ2Drj18HQvkquj5DYx4BD6ampiBrvCmK90Iyh8Ak EgJZOSdu0t9xDMJy2Ba3hnPXdIfBIza/JR11Byu0RUW359CrOaXkf0ZKUJYi7BHH0gnp2dlpojD4 4/IvszBm67C/7B8eXVW46eTWy7ogwSC6BgO/DOTA2IbSvHyXciJi3d2UBiL8UCuDIliFielBjdk5 i7txg5dYu/fjGOPXFgLPZoVbGF00GDIpkPA4ncX/VeICz0D5KGJ+N0T19xw25awF5sJIgkIoyQ01 Ohf79yCIbMVr6KxUlx/guL9MEK2Id5oVIMUDCGelGN399slJELN0lHs9wAkXknBYwXQ92A84VMKN OUq462f9qhmcMH5/cDfyMSLB3sY/Ew/4t6SI4V1bjeRcMH3RcIda1FAX5G43tw/njFwrpgK+mWAC jGrpbt8lntG0syKWB3rF1s9zwEHdCnTCIGyYGQ6byby1cZYQU50IaRuJNTh1z3mpTT5QT/0/qaSL m0ghPS1DpDC7Ca5fsh4NU0CN4I9qUBIU7R+2EvyrFsHaM6Rylu9s9W1dZjgBt97PapLvUU5+rB03 2tjr6xDG8PzE96jKcmaBUrd7HURTxKpSktdrz8mYaXbyWa5du6e2AyAZhAZP+tbYQ+xYAqn8VN X-QQ-XMRINFO: NyFYKkN4Ny6FSmKK/uo/jdU= From: Edward Adam Davis To: syzbot+94bbb75204a05da3d89f@syzkaller.appspotmail.com Cc: davem@davemloft.net, dhowells@redhat.com, edumazet@google.com, jarkko@kernel.org, jmorris@namei.org, keyrings@vger.kernel.org, kuba@kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, netdev@vger.kernel.org, pabeni@redhat.com, paul@paul-moore.com, serge@hallyn.com, syzkaller-bugs@googlegroups.com Subject: [PATCH next] keys/dns: datalen must greater than sizeof(*v1) Date: Thu, 14 Dec 2023 22:33:23 +0800 X-OQ-MSGID: <20231214143322.1004059-2-eadavis@qq.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <0000000000009b39bc060c73e209@google.com> References: <0000000000009b39bc060c73e209@google.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Level: *** X-Patchwork-Delegate: kuba@kernel.org bin will be forcibly converted to "struct dns_server_list_v1_header *", so it is necessary to compare datalen with sizeof(*v1). Fixes: b946001d3bb1 ("keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry") Reported-and-tested-by: syzbot+94bbb75204a05da3d89f@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis Reviewed-by: Jarkko Sakkinen --- net/dns_resolver/dns_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c index 3233f4f25fed..15f19521021c 100644 --- a/net/dns_resolver/dns_key.c +++ b/net/dns_resolver/dns_key.c @@ -104,7 +104,7 @@ dns_resolver_preparse(struct key_preparsed_payload *prep) if (data[0] == 0) { /* It may be a server list. */ - if (datalen <= sizeof(*bin)) + if (datalen <= sizeof(*v1)) return -EINVAL; bin = (const struct dns_payload_header *)data;