af_rxrpc: Fix XDR length check in rxrpc key demarshalling.

There may be padding on the ticket contained in the key payload, so just ensure that the claimed token length is large enough, rather than exactly the right size. Signed-off-by: N Nathaniel Wesley Filardo <nwf@cs.jhu.edu> Signed-off-by: N David Howells <dhowells@redhat.com> Signed-off-by: N David S. Miller <davem@davemloft.net>

af_rxrpc: Fix XDR length check in rxrpc key demarshalling.
There may be padding on the ticket contained in the key payload, so just ensure that the claimed token length is large enough, rather than exactly the right size. Signed-off-by: N Nathaniel Wesley Filardo <nwf@cs.jhu.edu> Signed-off-by: N David Howells <dhowells@redhat.com> Signed-off-by: N David S. Miller <davem@davemloft.net>
fde0133b · Nathaniel W Filardo · David S. Miller · 6e14a5ee · fde0133b
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

net/rxrpc/ar-key.c net/rxrpc/ar-key.c +1 -1

未找到文件。
--- a/net/rxrpc/ar-key.c
+++ b/net/rxrpc/ar-key.c
@@ -99,7 +99,7 @@ static int rxrpc_instantiate_xdr_rxkad(struct key *key, const __be32 *xdr,
 	_debug("tktlen: %x", tktlen);
 	if (tktlen > AFSTOKEN_RK_TIX_MAX)
 		return -EKEYREJECTED;
-	if (8 * 4 + tktlen != toklen)
+	if (toklen < 8 * 4 + tktlen)
 		return -EKEYREJECTED;

 	plen = sizeof(*token) + sizeof(*token->kad) + tktlen;