Message ID | 148793958900.27516.14977364495699700677.stgit@warthog.procyon.org.uk |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: David Howells <dhowells@redhat.com> Date: Fri, 24 Feb 2017 12:33:09 +0000 > From: Marc Dionne <marc.dionne@auristor.com> > > In the rxrpc_read() function, which allows a user to read the contents of a > key, we miscalculate the expected length of an encoded rxkad token by not > taking into account the key length. However, the data is stored later > anyway with an ENCODE_DATA() call - and an assertion failure then ensues > when the lengths are checked at the end. > > Fix this by including the key length in the token size estimation. > > The following assertion is produced: ... > Signed-off-by: Marc Dionne <marc.dionne@auristor.com> > Signed-off-by: David Howells <dhowells@redhat.com> Applied.
diff --git a/net/rxrpc/key.c b/net/rxrpc/key.c index 18c737a61d80..0a4e28477ad9 100644 --- a/net/rxrpc/key.c +++ b/net/rxrpc/key.c @@ -1065,7 +1065,7 @@ static long rxrpc_read(const struct key *key, switch (token->security_index) { case RXRPC_SECURITY_RXKAD: - toksize += 8 * 4; /* viceid, kvno, key*2, begin, + toksize += 9 * 4; /* viceid, kvno, key*2 + len, begin, * end, primary, tktlen */ toksize += RND(token->kad->ticket_len); break;