Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp5458092pxu; Tue, 22 Dec 2020 18:40:16 -0800 (PST) X-Google-Smtp-Source: ABdhPJwqkJo/EzCjPRHyBZTEwVqsnJEgQcEIXnJmcINJxIKdJN1wxYAqJl7dvZfYCbCugAreYiYI X-Received: by 2002:a17:906:3a55:: with SMTP id a21mr22518569ejf.516.1608691215833; Tue, 22 Dec 2020 18:40:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608691215; cv=none; d=google.com; s=arc-20160816; b=sPOg569T1sWR/ALETaAqVsVtSpbnc70Iw9EtMsjGHXIuIh3pcwP4+cj4Pe55Im4F5C xljzgtFHA+vrgob4QHpT5WuTc5NqQpPj/3DqjI+1biQ2ZTC6fHKBmpEtMJ7Vpl1nhzsx NAyGHq0yBpevf+z0KuTSj0itnclPfWytxIoowoxtaRgnTC+8wLU97Dxp4sCNowpD1OA0 585JGtYYsFXuruSTjvG6gXYXYKEAgfG22yebDTn8vFFhG6HbES2LD2a6LThLE3Raj1IL ueJNfx9TIZA0q50ebizXb9x2Im4+HZM9OFAwiVj4AKQSvg2xFcrPA9pHyaJ53lyQYFjF WisA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=63z0cjvldaUDU39uhbALeNzxoUTqoDbsi662TdEH1co=; b=ug+3UrnDgktbMiL0yNYyE6JISv4Z52YUAwr7kCynLf+zXZrsR9ZmmyA/ikq5jGhGZt Jglil0Mqjt4KhffeWurbuYdbk2er2FDuwypgh2yc8Ngq+7Zxsf53ItN7f38nmQQ3qU9W gHkq2WfyQkE3HqCmlmy4CA0KpMi6Rbw6FfbzyFjGIJOKF0lFFv/f0h2fYXPdXSV3h6N7 mYKHsbpOFU2imDL/hjq5XcSEkm7HJDaUMYV2B2wTyMIfC8HtBw3hsOGHHLitEvTQh49o cLguMVNGrLAHZUWa+2cWDGWiniL6tR61E9ctZ2OsX7/Tku64Sa4Jd1P2KECJ73RGaErF G0mw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pvdZjY5X; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id hp39si11389571ejc.214.2020.12.22.18.39.53; Tue, 22 Dec 2020 18:40:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pvdZjY5X; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730047AbgLWCje (ORCPT + 99 others); Tue, 22 Dec 2020 21:39:34 -0500 Received: from mail.kernel.org ([198.145.29.99]:52234 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729058AbgLWCXt (ORCPT ); Tue, 22 Dec 2020 21:23:49 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 8201622202; Wed, 23 Dec 2020 02:23:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1608690213; bh=mCL/6JX8PjkAtZ/N2abdTYj3YjbBv9fu3lg3hFY6z3U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pvdZjY5Xp8bG923LQXrYCFdAxRGmZ7DFH+35CXhjQZQJBIHESMzkB3WDrInhRWncp Cne3JfYaPbQTu+CMtHPo3GuVyT7HRZxGbfj4ENBxut0Q80hjZXvNMrk2SdKxw4WuNP hI7rOP9Zfc25V8opQTi431f6BPdFB1P2HcDBw3AOtCwGc5z0/ro6ZcY/OgeteFp8My AQLebre9s3PBc5CmIajl1e1LzlZGxsVjZ8DDAhsdGcYtvF5syWPgzBLNPh8gbEfvsR SGWOzfy3gu1K3lLlK1xjZGw8dSIwBYnXdVE8Tc4CwpIYIw8uZWd4dADKhqUT1i5MZ4 KaJVTV41ASGhw== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: David Howells , Sasha Levin , linux-afs@lists.infradead.org, keyrings@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH AUTOSEL 4.14 32/66] rxrpc: Don't leak the service-side session key to userspace Date: Tue, 22 Dec 2020 21:22:18 -0500 Message-Id: <20201223022253.2793452-32-sashal@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20201223022253.2793452-1-sashal@kernel.org> References: <20201223022253.2793452-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: David Howells [ Upstream commit d2ae4e918218f543214fbd906db68a6c580efbbb ] Don't let someone reading a service-side rxrpc-type key get access to the session key that was exchanged with the client. The server application will, at some point, need to be able to read the information in the ticket, but this probably shouldn't include the key material. Signed-off-by: David Howells Signed-off-by: Sasha Levin --- include/keys/rxrpc-type.h | 1 + net/rxrpc/key.c | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h index 8cf829dbf20ec..1cb996dac3238 100644 --- a/include/keys/rxrpc-type.h +++ b/include/keys/rxrpc-type.h @@ -88,6 +88,7 @@ struct rxk5_key { */ struct rxrpc_key_token { u16 security_index; /* RxRPC header security index */ + bool no_leak_key; /* Don't copy the key to userspace */ struct rxrpc_key_token *next; /* the next token in the list */ union { struct rxkad_key *kad; diff --git a/net/rxrpc/key.c b/net/rxrpc/key.c index 2fe2add62a8ed..dd8a12847b712 100644 --- a/net/rxrpc/key.c +++ b/net/rxrpc/key.c @@ -1077,7 +1077,8 @@ static long rxrpc_read(const struct key *key, case RXRPC_SECURITY_RXKAD: toksize += 8 * 4; /* viceid, kvno, key*2, begin, * end, primary, tktlen */ - toksize += RND(token->kad->ticket_len); + if (!token->no_leak_key) + toksize += RND(token->kad->ticket_len); break; case RXRPC_SECURITY_RXK5: @@ -1181,7 +1182,10 @@ static long rxrpc_read(const struct key *key, ENCODE(token->kad->start); ENCODE(token->kad->expiry); ENCODE(token->kad->primary_flag); - ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); + if (token->no_leak_key) + ENCODE(0); + else + ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); break; case RXRPC_SECURITY_RXK5: -- 2.27.0