KEYS: DH: validate __spare field

Syscalls must validate that their reserved arguments are zero and return EINVAL otherwise. Otherwise, it will be impossible to actually use them for anything in the future because existing programs may be passing garbage in. This is standard practice when adding new APIs. Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
author: Eric Biggers <ebiggers@google.com> 2017-07-13 13:16:56 +0100
committer: James Morris <james.l.morris@oracle.com> 2017-07-14 11:01:38 +1000
commit: 4f9dabfaf8df971f8a3b6aa324f8f817be38d538 (patch)
tree: d7825b3a87a89699417b255c71018998482ae4cd /security/keys/dh.c
parent: modsign: add markers to endif-statements in certs/Makefile (diff)
download: wireguard-linux-4f9dabfaf8df971f8a3b6aa324f8f817be38d538.tar.xz
wireguard-linux-4f9dabfaf8df971f8a3b6aa324f8f817be38d538.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/security/keys/dh.c b/security/keys/dh.c
index 4755d4b4f945..d1ea9f325f94 100644
--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -266,6 +266,11 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params,
 	if (kdfcopy) {
 		char *hashname;
 
+		if (memchr_inv(kdfcopy->__spare, 0, sizeof(kdfcopy->__spare))) {
+			ret = -EINVAL;
+			goto out1;
+		}
+
 		if (buflen > KEYCTL_KDF_MAX_OUTPUT_LEN ||
 		    kdfcopy->otherinfolen > KEYCTL_KDF_MAX_OI_LEN) {
 			ret = -EMSGSIZE;
author	Eric Biggers <ebiggers@google.com>	2017-07-13 13:16:56 +0100
committer	James Morris <james.l.morris@oracle.com>	2017-07-14 11:01:38 +1000
commit	4f9dabfaf8df971f8a3b6aa324f8f817be38d538 (patch)
tree	d7825b3a87a89699417b255c71018998482ae4cd /security/keys/dh.c
parent	modsign: add markers to endif-statements in certs/Makefile (diff)
download	wireguard-linux-4f9dabfaf8df971f8a3b6aa324f8f817be38d538.tar.xz wireguard-linux-4f9dabfaf8df971f8a3b6aa324f8f817be38d538.zip