af_rxrpc: Fix XDR length check in rxrpc key demarshalling.
author Nathaniel W Filardo <nwf@cs.jhu.edu>
Thu, 15 May 2014 14:51:22 +0000 (15:51 +0100)
committer David S. Miller <davem@davemloft.net>
Fri, 16 May 2014 19:24:47 +0000 (15:24 -0400)
There may be padding on the ticket contained in the key payload, so just ensure
that the claimed token length is large enough, rather than exactly the right
size.

Signed-off-by: Nathaniel Wesley Filardo <nwf@cs.jhu.edu>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/rxrpc/ar-key.c

index 7633a75..0ad0807 100644 (file)
@@ -99,7 +99,7 @@ static int rxrpc_instantiate_xdr_rxkad(struct key *key, const __be32 *xdr,
        _debug("tktlen: %x", tktlen);
        if (tktlen > AFSTOKEN_RK_TIX_MAX)
                return -EKEYREJECTED;
-       if (8 * 4 + tktlen != toklen)
+       if (toklen < 8 * 4 + tktlen)
                return -EKEYREJECTED;
 
        plen = sizeof(*token) + sizeof(*token->kad) + tktlen;
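Review bot: The relaxed test `if (toklen < 8 * 4 + tktlen)` puts no upper bound on the slack, so a token whose claimed length exceeds the ticket by far more than padding is now accepted as well. The commit message only calls for tolerating padding on the ticket. XDR pads opaque data to a 4-byte boundary, so if that is the padding meant here, comparing toklen against 8 * 4 plus tktlen rounded up to a multiple of 4 would accept padded tickets while still rejecting tokens with unexplained trailing bytes. Since tktlen is already capped by AFSTOKEN_RK_TIX_MAX on the line above, the rounding adds no overflow concern to the sum. A short comment stating what the 8 * 4 header words are and why the ticket may be padded would also make the intent of the inequality clear to the next reader.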