Received: by 10.223.176.5 with SMTP id f5csp115695wra; Mon, 5 Feb 2018 17:57:17 -0800 (PST) X-Google-Smtp-Source: AH8x226ghVtIcTUrs8dpMhx6vjv/KK9mpVQXodylr303ydyTmwwqjwYlWjNKIi7T3aQZwHQOOnBy X-Received: by 10.99.67.133 with SMTP id q127mr598828pga.365.1517882236918; Mon, 05 Feb 2018 17:57:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517882236; cv=none; d=google.com; s=arc-20160816; b=kD4bit7y31aURvNRgB8qCNkgjb4CndsTNzj+RKudLYdBxVL7h6HYvAgcFLAbaSUnz/ i26zwMCQJA29Z2FV/afrWBYJhyy8wn+uWarH6YZzYCyGNH5RHGg+mMmp7F5e6GEpkPmf /Fi+uDC4Kjilk3nB3YjXnQo4RF6SNW3+5W9Kkt8JmZIo/HHT7fFgaVQ/IbeLf37C+kWu w2222+FsZFW1c9BHH8pEO+HIqR/zN5LdcCFlJ7yKQiCb/wiwZ5RAnrMB5IFbSmuyJokW OL/4XP6GDJNO/CfCdaaYg5OqtfhC9t7gkZlAapWnUKZNSw6+QBy51SvXmhAw2qk/tVeW +vCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=NeLk3dfgP5qqlJxia4lCNQRoG2/4syvd7qwr4Jpl/5Q=; b=jHxOdmzAGxP7hGa1lnqlVtR5g4r89eF/9Zjan4BByGnfWUZ7eh2ZYcBCmvLS2YSwzw qeZVjrWJ20xx5KK8gdpUBNjb/hYq4O5fspwMYboY37gg/WhTTUU1rsH/zR8QrVAPu7Vs oBEJJ9ZUMb28YrTtuHCWAtDbxt9CMxePbdoj9cIpULUzFJywSpVNjFNeS6bTMMtEnqD+ bLD/sJheHdyJkzr1wU+Vb899gTrgFZ59+WfjEDnbHY7IImKOJxalUDIJTZWRj61hVBnr ocWk0fRBW45FVzh8oBMUZVrQFhkWt0MSwqmE6YJ2DIuPmsdGz1WFEru2Y++AhY6U5F8L cgkQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=XrMyhDIp; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z34-v6si3715860plh.45.2018.02.05.17.56.59; Mon, 05 Feb 2018 17:57:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=XrMyhDIp; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752482AbeBFByu (ORCPT + 99 others); Mon, 5 Feb 2018 20:54:50 -0500 Received: from mail-it0-f66.google.com ([209.85.214.66]:55671 "EHLO mail-it0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752165AbeBFByk (ORCPT ); Mon, 5 Feb 2018 20:54:40 -0500 Received: by mail-it0-f66.google.com with SMTP id b66so602861itd.5 for ; Mon, 05 Feb 2018 17:54:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=NeLk3dfgP5qqlJxia4lCNQRoG2/4syvd7qwr4Jpl/5Q=; b=XrMyhDIpM6vuNVecw417oLG2iQa8UMZH8sbF6FuyOuDc4AzW4/f3nktS7M7El5X+Wk D91uNIOC2Dkm83Haj39QikyD9TBXBJ0yeYHnmpSxKb7BIwVs7suslkjnHrGKO3xYmVXI V+iZTLmYFSOjBtM9zN2S5M34F/BTYpO4v7uEgQk9nZpLRlxEKlN7AwGtWfpY/QHTtGAJ cr71oE1CJOJTJ209X2yOm3wPt0VRWWGs/uygk5pTci4Fpq5yX6fMjE7gN8l9suxXClZ/ R0DKEpBWhc56z/8QQyomwyWPqJb/rOLImpMmsA03P1LwnVuSanJHseofBrCiYArxLsOc rboQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=NeLk3dfgP5qqlJxia4lCNQRoG2/4syvd7qwr4Jpl/5Q=; b=ApEt45X4RenKxikoX1GkxyJdMaYYnKrjFUMR/ft9M+Zneo+8UZAJyNy9Es/vqAXW69 +lDopm+5fVlnMbTiWYmMZ7nTgVkKrJJB11FxMWq9yeUohkru+UJyI6WP5gP/yCejhP08 hOaM6SzomTwBQ0nZfxEqUxIMSRbVaeALz0JHJBZN5Om2X5GFu9Nl8q0g5BjBtFM16axw XWD0LR0WVGiNK1NGdsZRYuBvAmFUYVH2L6FhkMKbo2Z5VRLmzksyTaVP3eIn5bOfbNy9 oAMRi9wXM/t582480cGOzd4zF4hlmD+Dok6yd4f0YM0jHFS3oKlkdYnVDF7JWgaMPBRD 1Cyg== X-Gm-Message-State: APf1xPCkGGNUdxUJejf+ztvQiC01nYh6vdDLrfmJG1+Qsrr60Y2xLcYV uS1gokBpq/heaKZEB4PxXcAseQ== X-Received: by 10.36.118.142 with SMTP id z136mr912533itb.61.1517882079005; Mon, 05 Feb 2018 17:54:39 -0800 (PST) Received: from google.com ([2620:15c:17:3:dc28:5c82:b905:e8a8]) by smtp.gmail.com with ESMTPSA id x186sm6024216itb.6.2018.02.05.17.54.37 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 05 Feb 2018 17:54:37 -0800 (PST) Date: Mon, 5 Feb 2018 17:54:35 -0800 From: Eric Biggers To: Jin Qian Cc: Mimi Zohar , David Safford , David Howells , James Morris , "Serge E. Hallyn" , linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: Re: [PATCH 1/1] KEYS: encrypted: fix buffer overread in valid_master_desc() Message-ID: <20180206015435.GA91829@google.com> References: <20180205200246.12253-1-jinqian@android.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180205200246.12253-1-jinqian@android.com> User-Agent: Mutt/1.9.2 (2017-12-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 05, 2018 at 12:02:46PM -0800, Jin Qian wrote: > From: Eric Biggers > > commit 794b4bc292f5d31739d89c0202c54e7dc9bc3add upstream > > With the 'encrypted' key type it was possible for userspace to provide a > data blob ending with a master key description shorter than expected, > e.g. 'keyctl add encrypted desc "new x" @s'. When validating such a > master key description, validate_master_desc() could read beyond the end > of the buffer. Fix this by using strncmp() instead of memcmp(). [Also > clean up the code to deduplicate some logic.] > > Cc: stable@vger.kernel.org > Cc: Mimi Zohar > Signed-off-by: Eric Biggers > Signed-off-by: David Howells > Signed-off-by: James Morris > Signed-off-by: Jin Qian > --- > security/keys/encrypted-keys/encrypted.c | 31 +++++++++++++++---------------- > 1 file changed, 15 insertions(+), 16 deletions(-) > Hi Jin, see Documentation/stable_kernel_rules.txt -- patches for stable should be sent To: stable@vger.kernel.org (and generally with a lighter Cc: list, unless it's a complicated backport), and you need to say which kernel version(s) it should be applied to. Also for upstream commits that cherry-pick cleanly, such as this one, you don't need to send an actual patch but rather just request that it be applied. The reason it should be applied is helpful too; in this case the commit fixes a bug that caused a KASAN warning. Thanks! - Eric