Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757186AbbGPCLs (ORCPT ); Wed, 15 Jul 2015 22:11:48 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:55392 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754300AbbGPBKP (ORCPT ); Wed, 15 Jul 2015 21:10:15 -0400 From: Kamal Mostafa To: linux-kernel@vger.kernel.org, stable@vger.kernel.org, kernel-team@lists.ubuntu.com Cc: Mimi Zohar , Kamal Mostafa Subject: [PATCH 3.19.y-ckt 052/251] KEYS: fix "ca_keys=" partial key matching Date: Wed, 15 Jul 2015 18:06:13 -0700 Message-Id: <1437008972-9140-53-git-send-email-kamal@canonical.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1437008972-9140-1-git-send-email-kamal@canonical.com> References: <1437008972-9140-1-git-send-email-kamal@canonical.com> X-Extended-Stable: 3.19 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 4773 Lines: 142 3.19.8-ckt4 -stable review patch. If anyone has any objections, please let me know. ------------------ From: Mimi Zohar commit f2b3dee484f9cee967a54ef05a66866282337519 upstream. The call to asymmetric_key_hex_to_key_id() from ca_keys_setup() silently fails with -ENOMEM. Instead of dynamically allocating memory from a __setup function, this patch defines a variable and calls __asymmetric_key_hex_to_key_id(), a new helper function, directly. This bug was introduced by 'commit 46963b774d44 ("KEYS: Overhaul key identification when searching for asymmetric keys")'. Changelog: - for clarification, rename hexlen to asciihexlen in asymmetric_key_hex_to_key_id() - add size argument to __asymmetric_key_hex_to_key_id() - David Howells - inline __asymmetric_key_hex_to_key_id() - David Howells - remove duplicate strlen() calls Acked-by: David Howells Signed-off-by: Mimi Zohar Signed-off-by: Kamal Mostafa --- crypto/asymmetric_keys/asymmetric_keys.h | 3 +++ crypto/asymmetric_keys/asymmetric_type.c | 20 ++++++++++++++------ crypto/asymmetric_keys/x509_public_key.c | 23 ++++++++++++++++++----- 3 files changed, 35 insertions(+), 11 deletions(-) diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h index f973308..3f5b537 100644 --- a/crypto/asymmetric_keys/asymmetric_keys.h +++ b/crypto/asymmetric_keys/asymmetric_keys.h @@ -11,6 +11,9 @@ extern struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id); +extern int __asymmetric_key_hex_to_key_id(const char *id, + struct asymmetric_key_id *match_id, + size_t hexlen); static inline const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key) { diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index bcbbbd7..b0e4ed2 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c @@ -104,6 +104,15 @@ static bool asymmetric_match_key_ids( return false; } +/* helper function can be called directly with pre-allocated memory */ +inline int __asymmetric_key_hex_to_key_id(const char *id, + struct asymmetric_key_id *match_id, + size_t hexlen) +{ + match_id->len = hexlen; + return hex2bin(match_id->data, id, hexlen); +} + /** * asymmetric_key_hex_to_key_id - Convert a hex string into a key ID. * @id: The ID as a hex string. @@ -111,21 +120,20 @@ static bool asymmetric_match_key_ids( struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id) { struct asymmetric_key_id *match_id; - size_t hexlen; + size_t asciihexlen; int ret; if (!*id) return ERR_PTR(-EINVAL); - hexlen = strlen(id); - if (hexlen & 1) + asciihexlen = strlen(id); + if (asciihexlen & 1) return ERR_PTR(-EINVAL); - match_id = kmalloc(sizeof(struct asymmetric_key_id) + hexlen / 2, + match_id = kmalloc(sizeof(struct asymmetric_key_id) + asciihexlen / 2, GFP_KERNEL); if (!match_id) return ERR_PTR(-ENOMEM); - match_id->len = hexlen / 2; - ret = hex2bin(match_id->data, id, hexlen / 2); + ret = __asymmetric_key_hex_to_key_id(id, match_id, asciihexlen / 2); if (ret < 0) { kfree(match_id); return ERR_PTR(-EINVAL); diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index a6c4203..24f17e6 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c @@ -28,17 +28,30 @@ static bool use_builtin_keys; static struct asymmetric_key_id *ca_keyid; #ifndef MODULE +static struct { + struct asymmetric_key_id id; + unsigned char data[10]; +} cakey; + static int __init ca_keys_setup(char *str) { if (!str) /* default system keyring */ return 1; if (strncmp(str, "id:", 3) == 0) { - struct asymmetric_key_id *p; - p = asymmetric_key_hex_to_key_id(str + 3); - if (p == ERR_PTR(-EINVAL)) - pr_err("Unparsable hex string in ca_keys\n"); - else if (!IS_ERR(p)) + struct asymmetric_key_id *p = &cakey.id; + size_t hexlen = (strlen(str) - 3) / 2; + int ret; + + if (hexlen == 0 || hexlen > sizeof(cakey.data)) { + pr_err("Missing or invalid ca_keys id\n"); + return 1; + } + + ret = __asymmetric_key_hex_to_key_id(str + 3, p, hexlen); + if (ret < 0) + pr_err("Unparsable ca_keys id hex string\n"); + else ca_keyid = p; /* owner key 'id:xxxxxx' */ } else if (strcmp(str, "builtin") == 0) { use_builtin_keys = true; -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/