Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp5467920pxu; Tue, 22 Dec 2020 19:03:39 -0800 (PST) X-Google-Smtp-Source: ABdhPJyy7yyxX3rDFaXyanTEVS8yB2m7u0XyA6iKCfRKWzocCrBcmM8JcTLy64/9AvNRBsS5FgUp X-Received: by 2002:a05:6402:1c04:: with SMTP id ck4mr22691770edb.320.1608692619616; Tue, 22 Dec 2020 19:03:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608692619; cv=none; d=google.com; s=arc-20160816; b=Yx8z1YQx/oczNpToCB+TrS7LbMVi39b6hoMJZTqYbQfDNs0zO88Me4nlDg80lxiSM2 avVPb0dcZVXnKqbxRmjB/Yttwwa+jd955Y8sbks1rxzTkEoUWTmT0qzHLDj0ztKPSUbc MvwjSrpycZ3YTpy5ojLNx1CTEiukOWFzpifeOisyBwWnOZzyc3H+aomBEXV3kC38SNUX /1onI1Adr+bWlAc8mpPTeS9QU2Wj62YzGV+I5h3aVJBVD2vULKofIIDAFAPAk/EpM+ka JrEKY5HbZ2EhTf/TtNafZKyyXd5g2MghZ/vP8nbBM5ymKKSvO12cPO/8k4cvKS5sym6N c4DQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=HRTJd39AORNuNdJg6vy1xXp3OHWVP+yQoB73zzWJAX0=; b=uCUi9AcuLdBMiuQKVhSqW76vm2DWgyJoTjz9ZF2L1mTaPKQsnZ7Ajk4Vux0pXZpCfv CsdLXJYtmOHLAmqzD1Lg6Nq3JWWXOwDTojNR+ZHpp3id1xFLwwfjLdPVfBJSzTly0uFJ YoeRRIApLJVtd9EpP6a2B6eP/GVXxx+XVfZw02wNL/7l2g7Q+qKVTZmW17EGCZ5XDZeb MxpmtQvUsxkEhu+sZG76Yso2gk8tE9gXFmX83MTBMiqiKmoufY0IXYHhtrah+ZX6lMX8 eT/afXSdLz12DbE6bxRB4Xr9LrlNMgwrhc1hdn8FFlmOM9JI8/Lw43UGMylI9xCz35pd DYEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Em+58dAY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b16si11338342eju.94.2020.12.22.19.03.17; Tue, 22 Dec 2020 19:03:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Em+58dAY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731630AbgLWDB0 (ORCPT + 99 others); Tue, 22 Dec 2020 22:01:26 -0500 Received: from mail.kernel.org ([198.145.29.99]:46328 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728790AbgLWCTw (ORCPT ); Tue, 22 Dec 2020 21:19:52 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 9F0072313F; Wed, 23 Dec 2020 02:19:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1608689968; bh=bUikZc6WrHRG8DzuQtqkB5TrUw9iQtknHqSrG9JnOtM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Em+58dAYGxOYH33LrUOFQQ+6RZ8jYmdq7NUpI/GfCqzlEHmbZaNxo6LKtCx5AQDVG A0cxLHQyIlI0YkVV3zVkXtdABO373bb/UZB6YjKT1WSm7KfulTnLNX58Ffk0FsDKRy 3dxdVPUTvMQrES2AOkTSAhAn8xLe8eKh+eY8ejs8JALSw2AkHuR9VCcb09JniRw7YV ibvKckYV58jCG1abWDjVZpp83W94o0GoJYjylCK/PT7PpBmtsgsxy9LU7+auW3M3hF fV+lXuSn4YfnUgGe732nJEr080in1BES4FKU7pMr3b9G1m1YKHBsYcwb6HPXdCmZj+ OUU0HPh1Csv3w== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: David Howells , Sasha Levin , linux-afs@lists.infradead.org, keyrings@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH AUTOSEL 5.4 058/130] rxrpc: Don't leak the service-side session key to userspace Date: Tue, 22 Dec 2020 21:17:01 -0500 Message-Id: <20201223021813.2791612-58-sashal@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20201223021813.2791612-1-sashal@kernel.org> References: <20201223021813.2791612-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: David Howells [ Upstream commit d2ae4e918218f543214fbd906db68a6c580efbbb ] Don't let someone reading a service-side rxrpc-type key get access to the session key that was exchanged with the client. The server application will, at some point, need to be able to read the information in the ticket, but this probably shouldn't include the key material. Signed-off-by: David Howells Signed-off-by: Sasha Levin --- include/keys/rxrpc-type.h | 1 + net/rxrpc/key.c | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h index a183278c3e9ef..63dc02507b8f3 100644 --- a/include/keys/rxrpc-type.h +++ b/include/keys/rxrpc-type.h @@ -84,6 +84,7 @@ struct rxk5_key { */ struct rxrpc_key_token { u16 security_index; /* RxRPC header security index */ + bool no_leak_key; /* Don't copy the key to userspace */ struct rxrpc_key_token *next; /* the next token in the list */ union { struct rxkad_key *kad; diff --git a/net/rxrpc/key.c b/net/rxrpc/key.c index 85a9ff8cd236a..131fd90638248 100644 --- a/net/rxrpc/key.c +++ b/net/rxrpc/key.c @@ -1075,7 +1075,8 @@ static long rxrpc_read(const struct key *key, case RXRPC_SECURITY_RXKAD: toksize += 8 * 4; /* viceid, kvno, key*2, begin, * end, primary, tktlen */ - toksize += RND(token->kad->ticket_len); + if (!token->no_leak_key) + toksize += RND(token->kad->ticket_len); break; case RXRPC_SECURITY_RXK5: @@ -1179,7 +1180,10 @@ static long rxrpc_read(const struct key *key, ENCODE(token->kad->start); ENCODE(token->kad->expiry); ENCODE(token->kad->primary_flag); - ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); + if (token->no_leak_key) + ENCODE(0); + else + ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); break; case RXRPC_SECURITY_RXK5: -- 2.27.0