From d5aa360a38460ed575246ae66fe64b7dc72217a3 Mon Sep 17 00:00:00 2001 From: sudip Date: Thu, 17 Sep 2015 13:12:51 +0530 Subject: crypto: asymmetric_keys - remove always false comparison hour, min and sec are unsigned int and they can never be less than zero. Signed-off-by: Sudip Mukherjee Signed-off-by: Herbert Xu
---
crypto/asymmetric_keys/x509_cert_parser.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'crypto/asymmetric_keys/x509_cert_parser.c')
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index af71878d..3000ea3b 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -546,9 +546,9 @@ int x509_decode_time(time64_t *_t, size_t hdrlen,
 if (year < 1970 ||
 mon < 1 || mon > 12 ||
 day < 1 || day > mon_len ||
- hour < 0 || hour > 23 ||
- min < 0 || min > 59 ||
- sec < 0 || sec > 59)
+ hour > 23 ||
+ min > 59 ||
+ sec > 59)
 goto invalid_time;

 *_t = mktime64(year, mon, day, hour, min, sec);
-- cgit v1.2.3
From d3dd09594f91ee57e76cbc27023b214afa01a99a Mon Sep 17 00:00:00 2001 From: David Howells Date: Thu, 12 Nov 2015 09:36:40 +0000 Subject: X.509: Fix the time validation [ver #2] This fixes CVE-2015-5327. It affects kernels from 4.3-rc1 onwards. Fix the X.509 time validation to use month number-1 when looking up the number of days in that month. Also put the month number validation before doing the lookup so as not to risk overrunning the array. This can be tested by doing the following: cat < Signed-off-by: David Howells Tested-by: Mimi Zohar Acked-by: David Woodhouse Signed-off-by: James Morris
---
crypto/asymmetric_keys/x509_cert_parser.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'crypto/asymmetric_keys/x509_cert_parser.c')
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 3000ea3b..021d39c0 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -531,7 +531,11 @@ int x509_decode_time(time64_t *_t, size_t hdrlen,
 if (*p != 'Z')
 goto unsupported_time;

- mon_len = month_lengths[mon];
+ if (year < 1970 ||
+ mon < 1 || mon > 12)
+ goto invalid_time;
+
+ mon_len = month_lengths[mon - 1];
 if (mon == 2) {
 if (year % 4 == 0) {
 mon_len = 29;
@@ -543,14 +547,12 @@ int x509_decode_time(time64_t *_t, size_t hdrlen,
 }
 }

- if (year < 1970 ||
- mon < 1 || mon > 12 ||
- day < 1 || day > mon_len ||
+ if (day < 1 || day > mon_len ||
 hour > 23 ||
 min > 59 ||
 sec > 59)
 goto invalid_time;
-
+
 *_t = mktime64(year, mon, day, hour, min, sec);
 return 0;

-- cgit v1.2.3
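Review bot: The range check added ahead of `mon_len = month_lengths[mon - 1];` in the first hunk carries no comment saying that it is what keeps the table index in bounds, so a later cleanup could fold it back into the combined field test and reintroduce the out-of-bounds read. I would put a comment directly above it, e.g. `/* mon is parsed from the certificate and is 1-based: range-check it before it indexes month_lengths[] */`. The day/hour/min/sec test in the second hunk relies on the same ordering, since `mon_len` is only meaningful once `mon` has been validated, and a short remark there would make that dependency explicit. x509_decode_time begins before the first hunk and continues past the second, and the definition of `month_lengths` is not visible here, so the assumption that it holds exactly twelve entries should be confirmed against the table.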