crypto: user - ensure user supplied strings are nul-terminated
To avoid misuse, ensure cru_name and cru_driver_name are always
nul-terminated strings.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index 423a267..dfd511f 100644
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -30,6 +30,8 @@
#include "internal.h"
+#define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x))
+
static DEFINE_MUTEX(crypto_cfg_mutex);
/* The crypto netlink socket */
@@ -196,6 +198,9 @@
struct crypto_dump_info info;
int err;
+ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
+ return -EINVAL;
+
if (!p->cru_driver_name[0])
return -EINVAL;
@@ -260,6 +265,9 @@
struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
LIST_HEAD(list);
+ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
+ return -EINVAL;
+
if (priority && !strlen(p->cru_driver_name))
return -EINVAL;
@@ -287,6 +295,9 @@
struct crypto_alg *alg;
struct crypto_user_alg *p = nlmsg_data(nlh);
+ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
+ return -EINVAL;
+
alg = crypto_alg_match(p, 1);
if (!alg)
return -ENOENT;
@@ -368,6 +379,9 @@
struct crypto_user_alg *p = nlmsg_data(nlh);
struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
+ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
+ return -EINVAL;
+
if (strlen(p->cru_driver_name))
exact = 1;
