diff options
| author | Stephan Mueller <smueller@chronox.de> | 2018-01-02 08:55:25 +0100 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2018-06-01 00:30:06 +0100 |
| commit | efe80592cd0d721b786e6b6c2b3de25bdd5f6bdf (patch) | |
| tree | 30b113eb96815656ac34e036f6e310008f0cbca2 /crypto | |
| parent | 9bbce9986d0e62506891392d6c62171f5515a96d (diff) | |
crypto: af_alg - whitelist mask and type
commit bb30b8848c85e18ca7e371d0a869e94b3e383bdf upstream.
The user space interface allows specifying the type and mask field used
to allocate the cipher. Only a subset of the possible flags are intended
for user space. Therefore, white-list the allowed flags.
In case the user space caller uses at least one non-allowed flag, EINVAL
is returned.
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[bwh: Backported to 3.2: The CRYPTO_ALG_KERN_DRIVER_ONLY flag is not supported,
so set allowed to 0]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/af_alg.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/crypto/af_alg.c b/crypto/af_alg.c index 68ec1ac4104a..db3e5ec4ce30 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -149,6 +149,7 @@ EXPORT_SYMBOL_GPL(af_alg_release_parent); static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) { + const u32 allowed = 0; struct sock *sk = sock->sk; struct alg_sock *ask = alg_sk(sk); struct sockaddr_alg *sa = (void *)uaddr; @@ -156,6 +157,10 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) void *private; int err; + /* If caller uses non-allowed flag, return error. */ + if ((sa->salg_feat & ~allowed) || (sa->salg_mask & ~allowed)) + return -EINVAL; + if (sock->state == SS_CONNECTED) return -EINVAL; |