KEYS: encrypted: fix buffer overread in valid_master_desc()
commit794b4bc292f5d31739d89c0202c54e7dc9bc3add
authorEric Biggers <ebiggers@google.com>
Thu, 8 Jun 2017 13:48:18 +0000 (8 14:48 +0100)
committerJames Morris <james.l.morris@oracle.com>
Fri, 9 Jun 2017 03:29:46 +0000 (9 13:29 +1000)
tree717c0817eea7ddb40659b40f45f7524eedddc901
parente9ff56ac352446f55141aaef1553cee662b2e310
KEYS: encrypted: fix buffer overread in valid_master_desc()

With the 'encrypted' key type it was possible for userspace to provide a
data blob ending with a master key description shorter than expected,
e.g. 'keyctl add encrypted desc "new x" @s'.  When validating such a
master key description, validate_master_desc() could read beyond the end
of the buffer.  Fix this by using strncmp() instead of memcmp().  [Also
clean up the code to deduplicate some logic.]

Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
security/keys/encrypted-keys/encrypted.c