Eric Biggers d7ef5cd05d KEYS: DNS: limit the length of option strings ... commit 9c438d7a3a52dcc2b9ed095cb87d3a5e83cf7e60 upstream. Adding a dns_resolver key whose payload contains a very long option name resulted in that string being printed in full. This hit the WARN_ONCE() in set_precision() during the printk(), because printk() only supports a precision of up to 32767 bytes: precision 1000000 too large WARNING: CPU: 0 PID: 752 at lib/vsprintf.c:2189 vsnprintf+0x4bc/0x5b0 Fix it by limiting option strings (combined name + value) to a much more reasonable 128 bytes. The exact limit is arbitrary, but currently the only recognized option is formatted as "dnserror=%lu" which fits well within this limit. Also ratelimit the printks. Reproducer: perl -e 'print "#", "A" x 1000000, "\x00"' | keyctl padd dns_resolver desc @s This bug was found using syzkaller. Reported-by: Mark Rutland <mark.rutland@arm.com> Fixes: 4a2d789267 ("DNS: If the DNS server returns an error, allow that to be cached [ver #2]") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> [bwh: Backported to 3.16: - Also stop logging the key serial number - Include <linux/ratelimit.h> directly] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>		2019-07-27 21:52:16 +02:00
..
9p	9p: forgetting to cancel request on interrupted zero-copy RPC	2015-08-03 09:29:47 -07:00
802
8021q	8021q: fix a potential memory leak	2014-07-28 08:00:04 -07:00
appletalk	appletalk: Fix socket referencing in skb	2014-07-28 08:00:05 -07:00
atm	arch: Mass conversion of smp_mb__*()	2014-08-15 11:45:28 -07:00
ax25	Import latest Samsung release	2017-04-18 03:43:52 +02:00
batman-adv	batman-adv: Fix broadcast/ogm queue limit on a removed interface	2016-06-07 10:42:53 +02:00
bluetooth	Bluetooth: hidp: Fix handling of strncpy for hid->name information	2019-07-27 21:51:39 +02:00
bridge	netfilter: ebtables: handle string from userspace with care	2019-07-27 21:52:09 +02:00
caif	net/unix: sk_socket can disappear when state is unlocked	2015-09-16 18:20:18 +05:30
can	can: add missing initialisations in CAN related skbuffs	2015-03-26 15:00:58 +01:00
ceph	libceph: introduce ceph_crypt() for in-place en/decryption	2017-04-22 23:02:50 +02:00
core	neighbour: confirm neigh entries when ARP packet is received	2019-07-27 21:51:56 +02:00
dcb	net: Use netlink_ns_capable to verify the permisions of netlink messages	2014-06-26 15:12:37 -04:00
dccp	dccp: check sk for closed state in dccp_sendmsg()	2019-07-27 21:49:52 +02:00
decnet	decnet: Do not build routes to devices without decnet private data.	2016-06-07 10:42:54 +02:00
dns_resolver	KEYS: DNS: limit the length of option strings	2019-07-27 21:52:16 +02:00
dsa
ethernet
ieee802154	6lowpan: fix lockdep splats	2014-03-06 21:30:02 -08:00
ipc_router	net: ipc_router: Fix buffer overflow during memcpy	2019-07-27 21:51:21 +02:00
ipv4	tcp: don't read out-of-bounds opsize	2019-07-27 21:52:04 +02:00
ipv6	ipv6: sit: better validate user provided tunnel names	2019-07-27 21:52:03 +02:00
ipx	ipx: call ipxitf_put() in ioctl error path	2017-09-08 18:51:09 +00:00
irda	irda: Fix lockdep annotations in hashbin_delete().	2017-04-22 23:02:49 +02:00
iucv	Merge upstream tag 'v3.10.49' into msm-3.10	2014-08-20 13:23:09 -07:00
key	af_key: fix buffer overread in parse_exthdrs()	2019-07-27 21:46:23 +02:00
l2tp	l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache	2019-07-27 21:51:14 +02:00
lapb
llc	llc: fix NULL pointer deref for SOCK_ZAPPED	2019-07-27 21:52:13 +02:00
mac80211	mac80211: use constant time comparison with keys	2019-07-27 21:45:47 +02:00
mac802154
netfilter	BACKPORT: ANDROID: Use sk_uid to replace uid get from socket file	2019-07-27 21:51:34 +02:00
netlabel	netlabel: add address family checks to netlbl_{sock,req}_delattr()	2019-07-27 21:41:59 +02:00
netlink	BACKPORT: netlink: add a start callback for starting a netlink dump	2019-07-27 21:51:36 +02:00
netrom
nfc	NFC: llcp: Limit size of SDP URI	2019-07-27 21:51:24 +02:00
openvswitch	openvswitch: fix panic with multiple vlan headers	2014-10-15 08:31:57 +02:00
packet	packet: refine ring v3 block size test to hold one frame	2019-07-27 21:51:14 +02:00
phonet	This is the 3.10.96 stable release	2017-04-18 17:16:02 +02:00
rds	This is the 3.10.99 stable release	2017-04-18 17:17:46 +02:00
rfkill	net: rfkill: Do not ignore errors from regulator_enable()	2019-07-27 21:42:01 +02:00
rmnet_data	net: rmnet_data: Change the log level for unknown IOCTL's	2019-07-27 21:51:01 +02:00
rose	net: rose: restore old recvmsg behavior	2014-01-15 15:28:49 -08:00
rxrpc	rxrpc: Fix several cases where a padded len isn't checked in ticket decode	2019-07-27 21:44:13 +02:00
sched	sch_fq_codel: avoid double free on init failure	2019-07-27 21:45:13 +02:00
sctp	sctp: fix a type cast warnings that causes a_rwnd gets the wrong value	2019-07-27 21:45:39 +02:00
sunrpc	kernel: make groups_sort calling a responsibility group_info allocators	2019-07-27 21:46:18 +02:00
tipc	net/tipc: initialize security state for new connection socket	2015-10-01 12:07:35 +02:00
unix	net/unix: don't show information about sockets from other namespaces	2019-07-27 21:45:50 +02:00
vmw_vsock	VSOCK: do not disconnect socket when peer has shutdown SEND only	2016-06-07 10:42:54 +02:00
wimax
wireless	cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE	2019-07-27 21:51:54 +02:00
x25	net: fix a kernel infoleak in x25 module	2016-06-07 10:42:54 +02:00
xfrm	xfrm: fix 'passing zero to ERR_PTR()' warning	2019-07-27 21:51:39 +02:00
activity_stats.c	net: activity_stats: Stop using obsolete create_proc_read_entry api	2013-07-01 15:52:02 -07:00
compat.c	net: support compat 64-bit time in {s,g}etsockopt	2019-07-27 21:49:09 +02:00
Kconfig	kernel: remove CONFIG_USE_GENERIC_SMP_HELPERS cleanly	2014-07-09 13:21:25 +03:00
Makefile
nonet.c	llseek: automatically add .llseek fop	2010-10-15 15:53:27 +02:00
socket.c	UPSTREAM: net: socket: Make unnecessarily global sockfs_setattr() static	2019-07-27 21:51:01 +02:00
sysctl_net.c	net: Update the sysctl permissions handler to test effective uid/gid	2013-10-13 16:08:34 -07:00