[PATCH next] keys/dns: datalen must greater than sizeof(*v1)

Fri Dec 15 03:00:48 UTC 2023

On Thu Dec 14, 2023 at 4:33 PM EET, Edward Adam Davis wrote:
> bin will be forcibly converted to "struct dns_server_list_v1_header *", so it 
> is necessary to compare datalen with sizeof(*v1).
>
> Fixes: b946001d3bb1 ("keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry")
> Reported-and-tested-by: syzbot+94bbb75204a05da3d89f at syzkaller.appspotmail.com
> Signed-off-by: Edward Adam Davis <eadavis at qq.com>
> ---
>  net/dns_resolver/dns_key.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c
> index 3233f4f25fed..15f19521021c 100644
> --- a/net/dns_resolver/dns_key.c
> +++ b/net/dns_resolver/dns_key.c
> @@ -104,7 +104,7 @@ dns_resolver_preparse(struct key_preparsed_payload *prep)
>  
>  	if (data[0] == 0) {
>  		/* It may be a server list. */
> -		if (datalen <= sizeof(*bin))
> +		if (datalen <= sizeof(*v1))
>  			return -EINVAL;
>  
>  		bin = (const struct dns_payload_header *)data;

Reviewed-by: Jarkko Sakkinen <jarkko at kernel.org>

BR, Jarkko