2015-12-10 23:40:41

by Greg Kroah-Hartman

Subject: Linux 4.3.2

I'm announcing the release of the 4.3.2 kernel.

This release fixes a bug with regards to X.509 certificates, more
details can be found in the commit log. If you don't use these
certificates, no need to upgrade from 4.3.1. Note, the bug is also in
4.3.0, it is not new in 4.3.1.

The updated 4.3.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.3.y
and can be browsed at the normal kernel.org git web browser:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary

thanks,

greg k-h

------------

Makefile | 2 +-
crypto/asymmetric_keys/x509_cert_parser.c | 18 ++++++++++--------
2 files changed, 11 insertions(+), 9 deletions(-)

David Howells (1):
X.509: Fix the time validation [ver #2]

Greg Kroah-Hartman (1):
Linux 4.3.2

sudip (1):
crypto: asymmetric_keys - remove always false comparison



2015-12-10 23:40:57

by Greg Kroah-Hartman

Subject: Re: Linux 4.3.2

diff --git a/Makefile b/Makefile
index 266eeacc1490..1a4953b3e10f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
VERSION = 4
PATCHLEVEL = 3
-SUBLEVEL = 1
+SUBLEVEL = 2
EXTRAVERSION =
NAME = Blurry Fish Butt

diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index af71878dc15b..021d39c0ba75 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -531,7 +531,11 @@ int x509_decode_time(time64_t *_t, size_t hdrlen,
if (*p != 'Z')
goto unsupported_time;

- mon_len = month_lengths[mon];
+ if (year < 1970 ||
+ mon < 1 || mon > 12)
+ goto invalid_time;
+
+ mon_len = month_lengths[mon - 1];
if (mon == 2) {
if (year % 4 == 0) {
mon_len = 29;
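
Review bot: the new lookup `mon_len = month_lengths[mon - 1]` depends on month_lengths being a zero-based table with exactly 12 entries, but the guard above it hard-codes `mon > 12` and the table itself is not visible in this hunk. Consider bounding the check with ARRAY_SIZE(month_lengths) instead of the literal, or at least adding a one-line comment that mon is 1-based here, so the range check and the table cannot drift apart again. Moving the year/mon validation ahead of the array access is the right ordering, since these values come straight from the certificate being parsed.
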
@@ -543,14 +547,12 @@ int x509_decode_time(time64_t *_t, size_t hdrlen,
}
}

- if (year < 1970 ||
- mon < 1 || mon > 12 ||
- day < 1 || day > mon_len ||
- hour < 0 || hour > 23 ||
- min < 0 || min > 59 ||
- sec < 0 || sec > 59)
+ if (day < 1 || day > mon_len ||
+ hour > 23 ||
+ min > 59 ||
+ sec > 59)
goto invalid_time;
-
+
*_t = mktime64(year, mon, day, hour, min, sec);
return 0;
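
Review bot: dropping the `hour < 0`, `min < 0` and `sec < 0` tests in the final range check is only safe while those variables stay unsigned, and their declarations are not visible in this hunk. A short comment at the check (or at the declarations) saying the fields are unsigned by design would stop a later type change from silently removing the lower bound on attacker-supplied time fields. Separately, the `-`/`+` pair on the blank line before `*_t = mktime64(...)` is a whitespace-only change; if the added line carries trailing whitespace it should be dropped from the patch.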

2015-12-11 10:50:44

by Jörg-Volker Peetz

Subject: Re: Linux 4.3.2

Greg KH wrote on 12/11/15 00:40:
> I'm announcing the release of the 4.3.2 kernel.
>
> This release fixes a bug with regards to X.509 certificates, more
> details can be found in the commit log. If you don't use these
> certificates, no need to upgrade from 4.3.1. Note, the bug is also in
> 4.3.0, it is not new in 4.3.1.
>
<snip>

Thanks for the timely fixes. With this patch my notebooks work normally.

The tricky thing about this bug is, AFAICS, that it only manifests itself when
compiling the kernel in December.

Regards,
jvp.