git.samba.org - sfrench/cifs-2.6.git/commit

author	Mathias Krause <minipli@googlemail.com>
	Tue, 5 Feb 2013 17:19:13 +0000 (18:19 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 14 Mar 2013 18:29:50 +0000 (11:29 -0700)
commit	30e39b7c57422b29533a1bf43f2fd921e088a71d
tree	49dc959d9bb11deb5be1cf30f7e3bc4cd8bc3db1	tree
parent	76de736ea670500c46e84bff7ae0e040f69d4397	commit \| diff

crypto: user - fix info leaks in report API

commit 9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 upstream.

Three errors resulting in kernel memory disclosure:

1/ The structures used for the netlink based crypto algorithm report API
are located on the stack. As snprintf() does not fill the remainder of
the buffer with null bytes, those stack bytes will be disclosed to users
of the API. Switch to strncpy() to fix this.

2/ crypto_report_one() does not initialize all field of struct
crypto_user_alg. Fix this to fix the heap info leak.

3/ For the module name we should copy only as many bytes as
module_name() returns -- not as much as the destination buffer could
hold. But the current code does not and therefore copies random data
from behind the end of the module name, as the module name is always
shorter than CRYPTO_MAX_ALG_NAME.

Also switch to use strncpy() to copy the algorithm's name and
driver_name. They are strings, after all.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

crypto/ablkcipher.c		diff \| blob \| history
crypto/aead.c		diff \| blob \| history
crypto/ahash.c		diff \| blob \| history
crypto/blkcipher.c		diff \| blob \| history
crypto/crypto_user.c		diff \| blob \| history
crypto/pcompress.c		diff \| blob \| history
crypto/rng.c		diff \| blob \| history
crypto/shash.c		diff \| blob \| history