tipc: fix size validations for the MSG_CRYPTO type (!164) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Xin Long requested to merge lxin.redhat/centos-stream-9:bz2020513 into main Nov 18, 2021

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2020513 Tested: tipcutils/demos CVE: CVE-2021-43267

commit fa40d9734a57bcbfa79a280189799f76c88f7bb0 Author: Max VA maxv@sentinelone.com Date: Mon Oct 25 17:31:53 2021 +0200

tipc: fix size validations for the MSG_CRYPTO type

The function tipc_crypto_key_rcv is used to parse MSG_CRYPTO messages
to receive keys from other nodes in the cluster in order to decrypt any
further messages from them.
This patch verifies that any supplied sizes in the message body are
valid for the received message.

Fixes: 1ef6f7c9390f ("tipc: add automatic session key exchange")
Signed-off-by: Max VA <maxv@sentinelone.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: Xin Long lxin@redhat.com

tipc: fix size validations for the MSG_CRYPTO type

Merge request reports