Subject: Re: [PATCH] X.509: Fix the time validation [ver #3]
To: David Howells, jmorris@namei.org
References: <20151112113840.22150.8769.stgit@warthog.procyon.org.uk>
Cc: David Woodhouse, linux-kernel@vger.kernel.org, stable@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, Mimi Zohar, stable@vger.kernel.org
From: Alexander Holler
Message-ID: <56694497.9090308@ahsoftware.de>
Date: Thu, 10 Dec 2015 10:23:35 +0100
In-Reply-To: <20151112113840.22150.8769.stgit@warthog.procyon.org.uk>

On 12.11.2015 at 12:38, David Howells wrote:
> This fixes CVE-2015-5327. It affects kernels from 4.3-rc1 onwards.
>
> Fix the X.509 time validation to use month number-1 when looking up the
> number of days in that month. Also put the month number validation before
> doing the lookup so as not to risk overrunning the array.

I've just run into this with 4.3.1 (mon_len ended up with 0 because of the wrong index). Which means currently built stable kernels with signature verification might not load modules (depending on which value the invalid index mon_len (12) ends up with).

Regards,
Alexander Holler
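
The off-by-one named in the quoted patch note and the effect reported in the reply, as an added C example; it is not the kernel's code and not part of the original message. All function names and the `beyond` parameter are assumptions for illustration, and the read past the table is modelled by a parameter rather than performed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Days per month, January first; February holds its leap-year maximum. */
static const unsigned char month_lengths[12] = {
    31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
};

static bool is_leap(unsigned year)
{
    return (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
}

/* Model of the defect: the 1-based month is used directly as the index, so
 * each month gets its successor's length and month 12 reads past the table.
 * That read is modelled by `beyond`, a constructed stand-in for whatever
 * byte follows the table, so the demo stays well-defined. */
static unsigned buggy_month_len(unsigned mon, unsigned char beyond)
{
    return mon >= 12 ? beyond : month_lengths[mon];
}

/* Hardened: range-check first, then index with mon - 1; 0 means invalid. */
static unsigned fixed_month_len(unsigned year, unsigned mon)
{
    if (mon < 1 || mon > 12)
        return 0;
    if (mon == 2 && !is_leap(year))
        return 28;
    return month_lengths[mon - 1];
}

static bool day_ok_buggy(unsigned mon, unsigned day, unsigned char beyond)
{
    return day >= 1 && day <= buggy_month_len(mon, beyond);
}

static bool day_ok_fixed(unsigned year, unsigned mon, unsigned day)
{
    unsigned len = fixed_month_len(year, mon);
    return len != 0 && day >= 1 && day <= len;
}

int main(void)
{
    /* Constructed input: a certificate time falling on 10 December 2015. */
    printf("buggy: %d, fixed: %d\n",
           day_ok_buggy(12, 10, 0), day_ok_fixed(2015, 12, 10));
    return 0;
}
```

With `beyond` set to 0, the value the reply reports for mon_len, every December date fails the day check in the modelled defect, while the shifted index also lets 31 April pass.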