Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp870475pxb; Wed, 13 Jan 2021 18:57:26 -0800 (PST) X-Google-Smtp-Source: ABdhPJyWvaIFNotiNBB0PR3Q7L+4bhMalrqk8tmpivJcJ7KozEYSM2peng1cKohs4CF3Ct2wE/58 X-Received: by 2002:aa7:c813:: with SMTP id a19mr3965293edt.192.1610593046504; Wed, 13 Jan 2021 18:57:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610593046; cv=none; d=google.com; s=arc-20160816; b=e0+4/qCcvi1yEker1PX9Np2QcNkAVlgVKiniCaDGLm3G2GjM4KwSji1yk+w3ODrtCG thOLIAC2PJcYJP6nCrBNoTbO4xJo/waFymZpOCwHWkcs4LXFgFscLqKgp+ESG8qo7FQx ISojWZBi9Bkoe5MLMR6OCj5VaRuGlqK2fJCBbnsopBHtfEIAtscpRW+o8A79U8klQUsU dS7jEG5088fSHstjbtSkG8S4T489y396zJa2NCj9l9VY1hBTUa8xY0vSp9W0ROqrBVCl bfkkTqBg6t55slihEiF/kIb3my7C8R0h128LkqeDbvKsi0L0fQjiEkDtIsVB8hFiMQ2z LoxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=B/V6YfZWj1S6831njmlgiqsX4MbKAiUhLNq4IiNecgc=; b=uyD05gqDFWDRldOfVpeCJA2P4jFGiaXDPiEpwRwxTTqNgwwXwjNiBJnBl+Rh5REaVw PQmjWd64mGEm5k5t2HEOe7YMqJyxjzC6Ps45A3MGLdOb09I/Yzlet5yiuCmb8RHXNxQ1 /R5YeP4mFf5ZVA/sUdSMHw+Ilv35ZFqq1hcqQI0Ek/GqvpvmqlmoHmrxT3v0gzYPXcI+ Z7B0Q/XYb2nxO280OYmxATg+/SquM6LvW28uxcttmhzdo2JNOpVOpNKxD0ydYgfAkFC3 D9o5l+2LO7EQIpsOwx8Y/t1WfOmypvMYTPIz16T4JAOR4za636Hc8sxg2eCp55WWzvxB uJXA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=K2aGv3ZJ; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a5si1710699ejv.428.2021.01.13.18.57.06; Wed, 13 Jan 2021 18:57:26 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=K2aGv3ZJ; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726438AbhANC4V (ORCPT + 99 others); Wed, 13 Jan 2021 21:56:21 -0500 Received: from mail.kernel.org ([198.145.29.99]:49896 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725902AbhANC4U (ORCPT ); Wed, 13 Jan 2021 21:56:20 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 1FB72235FA; Thu, 14 Jan 2021 02:55:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1610592940; bh=pHW2B/FjsYZUeZYVTsSMdXSjTFntYNHNKbf3cLsyRII=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=K2aGv3ZJ7mxc7qcpy7KfhtA+4m/6vmGaaCBtUXxI6su//MvljyyJl8AHka/C+qQTI k+QVMikYV6svcGyOnzmVW8iwAmplQLivKfOxtNHHja93ukJY8OBXomwcGjzL45Jvoh /Hkf+RDHneTlEdX6rbb3Y8lhUEqr80Lcu/y3A8qgNLnmG1+y35RoLQ2hdGu0jt8xDV GgNYucOT9yoUUzz0T7njc1d/75A5hGggP21vyYN6Vrv402KwJtr5obQaF3cTtvjS0C HA/XTjz/KNJMVrf+MALnmDrlEj2+dNZsBIo+wkVAgahSsLq4oogyoy3gFAFqOggSJA QAxv5cCrS6XFg== Date: Thu, 14 Jan 2021 04:55:34 +0200 From: Jarkko Sakkinen To: David Howells Cc: Toke =?iso-8859-1?Q?H=F8iland-J=F8rgensen?= , Herbert Xu , "David S. Miller" , Tianjia Zhang , Gilad Ben-Yossef , keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, stable@vger.kernel.org Subject: Re: [PATCH] crypto: public_key: check that pkey_algo is non-NULL before passing it to strcmp() Message-ID: References: <20210112161044.3101-1-toke@redhat.com> <2648795.1610536273@warthog.procyon.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2648795.1610536273@warthog.procyon.org.uk> Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, Jan 13, 2021 at 11:11:13AM +0000, David Howells wrote: > I'm intending to use Tianjia's patch. Would you like to add a Reviewed-by? > > David I can give. Reviewed-by: Jarkko Sakkinen /Jarkko > --- > commit 11078a592e6dcea6b9f30e822d3d30e3defc99ca > Author: Tianjia Zhang > Date: Thu Jan 7 17:28:55 2021 +0800 > > X.509: Fix crash caused by NULL pointer > > On the following call path, `sig->pkey_algo` is not assigned > in asymmetric_key_verify_signature(), which causes runtime > crash in public_key_verify_signature(). > > keyctl_pkey_verify > asymmetric_key_verify_signature > verify_signature > public_key_verify_signature > > This patch simply check this situation and fixes the crash > caused by NULL pointer. > > Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification") > Cc: stable@vger.kernel.org # v5.10+ > Reported-by: Tobias Markus > Signed-off-by: Tianjia Zhang > Signed-off-by: David Howells > > diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c > index 8892908ad58c..788a4ba1e2e7 100644 > --- a/crypto/asymmetric_keys/public_key.c > +++ b/crypto/asymmetric_keys/public_key.c > @@ -356,7 +356,8 @@ int public_key_verify_signature(const struct public_key *pkey, > if (ret) > goto error_free_key; > > - if (strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) { > + if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 && > + sig->data_size) { > ret = cert_sig_digest_update(sig, tfm); > if (ret) > goto error_free_key; > >