KEYS: reject NULL restriction string when type is specified - kernel/linux.git

diff options

author	Eric Biggers <ebiggers@google.com>	2017-12-08 18:13:29 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-12-14 11:52:53 +0300
commit	28e7c9a8e548c8c7e839f6ae1e21d61dc92308b0 (patch)
tree	8bcaa193ac1cc2e3ddedb2171a2342404ff8560d /crypto
parent	69d5894ce0a67d37f900d2597fc0b2b8cef6c863 (diff)
download	linux-28e7c9a8e548c8c7e839f6ae1e21d61dc92308b0.tar.xz

KEYS: reject NULL restriction string when type is specified

commit 18026d866801d0c52e5550210563222bd6c7191d upstream. keyctl_restrict_keyring() allows through a NULL restriction when the "type" is non-NULL, which causes a NULL pointer dereference in asymmetric_lookup_restriction() when it calls strcmp() on the restriction string. But no key types actually use a "NULL restriction" to mean anything, so update keyctl_restrict_keyring() to reject it with EINVAL. Reported-by: syzbot <syzkaller@googlegroups.com> Fixes: 97d3aa0f3134 ("KEYS: Add a lookup_restriction function for the asymmetric key type") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'crypto')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: