Received: by 10.223.185.116 with SMTP id b49csp6357412wrg; Wed, 28 Feb 2018 08:06:51 -0800 (PST) X-Google-Smtp-Source: AH8x225eKzAnJ4KhtU/UlgStN/Vsq51NKxCL6D3yAbSFeTGB19ANNSKsODkHINOmOWxU2gy/5O/x X-Received: by 10.99.127.80 with SMTP id p16mr14615907pgn.144.1519834011724; Wed, 28 Feb 2018 08:06:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519834011; cv=none; d=google.com; s=arc-20160816; b=ysOo0KMqJyK+uSBuo/JiQRWZDl7wOSt2QmgtnJSJXICw7EDsGyZ8n/9Ixceput/dc3 WsEbmokAtgn8745TtpLeuV3fRwu+gyNq4aRxXjljXpZqLHkwnYqvEl9KE8SeeWI3ZQta z9SS7cAwUoQFzS35c3N9TQhl4aqNyw1pGmIJD9P17wlaGs9iHPnKTkUkRmmYBlz8z/rX ONMfhGDU+ulBeLQrOluPk5NaVyHVcdvIpnhwHLRijDdzvsLmaYf0HLh4Gf2/RHVzYx7z bb/USuuOI+sSYRqumvE2swjelzHOP/LdIpXBS79Sel9Bj002M+av1KLOwwy1G3Pqa4jW 3YXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition :arc-authentication-results; bh=Z2N5ziq/eEV3p7ANGl0E4QWqJiWc/4Ygn9Qxuc2/Z2k=; b=fJKHD+jNWt0uJ7XwlkrFj4WTexDQZPqVAhZN2MWEoxFwfTPYy78OuniAvZpaBEjUtO Biq1gi8KF5+sUyaPjaAVmAeGUApsES+V44YwlCPt3gCa5k2FRT5f0GzAlmoVatCnmis0 XO1O5smqqe/tD7gXUvu0hd+B8tv8tSn0CTanDhgy66XhAg8uPh8kHezgb6dUlZSbYE65 smo31aDqIY/wMkVF3u7+A1n32892CBCG5iPTsa5vjfwEbh6r6LFH4nXjQXa44BAnl3Kw tSkf19ITYFZAWmJZcMgbpaQWJI6zPPzKQOEpRMPfryic5/37130b/olKHWxFgmJBEo1a PvsQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r12si1166130pgt.200.2018.02.28.08.06.36; Wed, 28 Feb 2018 08:06:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934374AbeB1QED (ORCPT + 99 others); Wed, 28 Feb 2018 11:04:03 -0500 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:34797 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932290AbeB1QEA (ORCPT ); Wed, 28 Feb 2018 11:04:00 -0500 Received: from [2a02:8011:400e:2:6f00:88c8:c921:d332] (helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1er3Yg-0006Xi-Ew; Wed, 28 Feb 2018 15:22:18 +0000 Received: from ben by deadeye with local (Exim 4.90_1) (envelope-from ) id 1er3Yf-0008TA-7X; Wed, 28 Feb 2018 15:22:17 +0000 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "Eric Biggers" , "David Howells" , "James Morris" Date: Wed, 28 Feb 2018 15:20:18 +0000 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) Subject: [PATCH 3.16 074/254] X.509: reject invalid BIT STRING for subjectPublicKey In-Reply-To: X-SA-Exim-Connect-IP: 2a02:8011:400e:2:6f00:88c8:c921:d332 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.16.55-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Eric Biggers commit 0f30cbea005bd3077bd98cd29277d7fc2699c1da upstream. Adding a specially crafted X.509 certificate whose subjectPublicKey ASN.1 value is zero-length caused x509_extract_key_data() to set the public key size to SIZE_MAX, as it subtracted the nonexistent BIT STRING metadata byte. Then, x509_cert_parse() called kmemdup() with that bogus size, triggering the WARN_ON_ONCE() in kmalloc_slab(). This appears to be harmless, but it still must be fixed since WARNs are never supposed to be user-triggerable. Fix it by updating x509_cert_parse() to validate that the value has a BIT STRING metadata byte, and that the byte is 0 which indicates that the number of bits in the bitstring is a multiple of 8. It would be nice to handle the metadata byte in asn1_ber_decoder() instead. But that would be tricky because in the general case a BIT STRING could be implicitly tagged, and/or could legitimately have a length that is not a whole number of bytes. Here was the WARN (cleaned up slightly): WARNING: CPU: 1 PID: 202 at mm/slab_common.c:971 kmalloc_slab+0x5d/0x70 mm/slab_common.c:971 Modules linked in: CPU: 1 PID: 202 Comm: keyctl Tainted: G B 4.14.0-09238-g1d3b78bbc6e9 #26 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014 task: ffff880033014180 task.stack: ffff8800305c8000 Call Trace: __do_kmalloc mm/slab.c:3706 [inline] __kmalloc_track_caller+0x22/0x2e0 mm/slab.c:3726 kmemdup+0x17/0x40 mm/util.c:118 kmemdup include/linux/string.h:414 [inline] x509_cert_parse+0x2cb/0x620 crypto/asymmetric_keys/x509_cert_parser.c:106 x509_key_preparse+0x61/0x750 crypto/asymmetric_keys/x509_public_key.c:174 asymmetric_key_preparse+0xa4/0x150 crypto/asymmetric_keys/asymmetric_type.c:388 key_create_or_update+0x4d4/0x10a0 security/keys/key.c:850 SYSC_add_key security/keys/keyctl.c:122 [inline] SyS_add_key+0xe8/0x290 security/keys/keyctl.c:62 entry_SYSCALL_64_fastpath+0x1f/0x96 Fixes: 42d5ec27f873 ("X.509: Add an ASN.1 decoder") Signed-off-by: Eric Biggers Signed-off-by: David Howells Reviewed-by: James Morris Signed-off-by: Ben Hutchings --- crypto/asymmetric_keys/x509_cert_parser.c | 2 ++ 1 file changed, 2 insertions(+) --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -348,6 +348,8 @@ int x509_extract_key_data(void *context, ctx->cert->pub->pkey_algo = PKEY_ALGO_RSA; /* Discard the BIT STRING metadata */ + if (vlen < 1 || *(const u8 *)value != 0) + return -EBADMSG; ctx->key = value + 1; ctx->key_size = vlen - 1; return 0;