From 17e9e3a72ffab22ea5a44f4e3490f4570950a47f Mon Sep 17 00:00:00 2001 From: Chun-Yi Lee Date: Wed, 4 Oct 2017 19:18:22 +0800 Subject: KEYS: Fix the wrong index when checking the existence of second id Fix the wrong index number when checking the existence of second id in function of finding asymmetric key. The id_1 is the second id that the index in array must be 1 but not 0. Fixes: 5e3641dcbb58 (KEYS: Generalise x509_request_asymmetric_key()) Cc: David Howells Cc: Herbert Xu Cc: "David S. Miller" Signed-off-by: Chun-Yi Lee Signed-off-by: David Howells --- crypto/asymmetric_keys/asymmetric_type.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto') diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index e4b0ed38..a597f5c5 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c @@ -105,7 +105,7 @@ struct key *find_asymmetric_key(struct key *keyring, if (id_0 && id_1) { const struct asymmetric_key_ids *kids = asymmetric_key_ids(key); - if (!kids->id[0]) { + if (!kids->id[1]) { pr_debug("First ID matches, but second is missing\n"); goto reject; } -- cgit v1.2.3 From 5ed4da51cce662f0842ed5a3024a29719e441fbe Mon Sep 17 00:00:00 2001 From: Chun-Yi Lee Date: Wed, 4 Oct 2017 16:45:09 +0800 Subject: KEYS: checking the input id parameters before finding asymmetric key For finding asymmetric key, the input id_0 and id_1 parameters can not be NULL at the same time. This patch adds the BUG_ON checking for id_0 and id_1. Cc: David Howells Cc: Herbert Xu Cc: "David S. Miller" Signed-off-by: Chun-Yi Lee Signed-off-by: David Howells --- crypto/asymmetric_keys/asymmetric_type.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'crypto') diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index a597f5c5..39aecad2 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c @@ -57,6 +57,8 @@ struct key *find_asymmetric_key(struct key *keyring, char *req, *p; int len; + BUG_ON(!id_0 && !id_1); + if (id_0) { lookup = id_0->data; len = id_0->len; -- cgit v1.2.3 From 86744701eaebb79b104f1a204a332b2e42725ada Mon Sep 17 00:00:00 2001 From: Eric Sesterhenn Date: Sun, 8 Oct 2017 20:02:32 +0200 Subject: pkcs7: Prevent NULL pointer dereference, since sinfo is not always set. The ASN.1 parser does not necessarily set the sinfo field, this patch prevents a NULL pointer dereference on broken input. Fixes: beba760d1ec2 ("PKCS#7: Appropriately restrict authenticated attributes and content type") Signed-off-by: Eric Sesterhenn Signed-off-by: David Howells cc: stable@vger.kernel.org # 4.3+ --- crypto/asymmetric_keys/pkcs7_parser.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'crypto') diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c index af4cd864..d140d8bb 100644 --- a/crypto/asymmetric_keys/pkcs7_parser.c +++ b/crypto/asymmetric_keys/pkcs7_parser.c @@ -88,6 +88,9 @@ static int pkcs7_check_authattrs(struct pkcs7_message *msg) bool want = false; sinfo = msg->signed_infos; + if (!sinfo) + goto inconsistent; + if (sinfo->authattrs) { want = true; msg->have_authattrs = true; -- cgit v1.2.3