Commit fde0133b authored May 15, 2014 by Nathaniel W Filardo Committed by David S. Miller May 16, 2014

af_rxrpc: Fix XDR length check in rxrpc key demarshalling.



There may be padding on the ticket contained in the key payload, so just ensure
that the claimed token length is large enough, rather than exactly the right
size.

Signed-off-by: Nathaniel Wesley Filardo <nwf@cs.jhu.edu>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 6e14a5ee

net/rxrpc/ar-key.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -99,7 +99,7 @@ static int rxrpc_instantiate_xdr_rxkad(struct key key, const __be32 xdr,
		_debug("tktlen: %x", tktlen);
		if (tktlen > AFSTOKEN_RK_TIX_MAX)
		return -EKEYREJECTED;
		if (8 * 4 + tktlen != toklen)
		if (toklen < 8 * 4 + tktlen)
		return -EKEYREJECTED;

		plen = sizeof(token) + sizeof(token->kad) + tktlen;