From 6a6d2a77addce6bc26ccb53df34478b1593f0fbf Mon Sep 17 00:00:00 2001 From: Chun-Yi Lee Date: Wed, 4 Oct 2017 19:18:22 +0800 Subject: KEYS: Fix the wrong index when checking the existence of second id Fix the wrong index number when checking the existence of second id in function of finding asymmetric key. The id_1 is the second id that the index in array must be 1 but not 0. Fixes: 9eb029893ad5 (KEYS: Generalise x509_request_asymmetric_key()) Cc: David Howells Cc: Herbert Xu Cc: "David S. Miller" Signed-off-by: Chun-Yi Lee Signed-off-by: David Howells --- crypto/asymmetric_keys/asymmetric_type.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto') diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index e4b0ed386bc8..a597f5c5a222 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c @@ -105,7 +105,7 @@ struct key *find_asymmetric_key(struct key *keyring, if (id_0 && id_1) { const struct asymmetric_key_ids *kids = asymmetric_key_ids(key); - if (!kids->id[0]) { + if (!kids->id[1]) { pr_debug("First ID matches, but second is missing\n"); goto reject; } -- cgit v1.2.3 From b3811d36a3e7e7e8ed660bf01151496cf99cf9ed Mon Sep 17 00:00:00 2001 From: Chun-Yi Lee Date: Wed, 4 Oct 2017 16:45:09 +0800 Subject: KEYS: checking the input id parameters before finding asymmetric key For finding asymmetric key, the input id_0 and id_1 parameters can not be NULL at the same time. This patch adds the BUG_ON checking for id_0 and id_1. Cc: David Howells Cc: Herbert Xu Cc: "David S. Miller" Signed-off-by: Chun-Yi Lee Signed-off-by: David Howells --- crypto/asymmetric_keys/asymmetric_type.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'crypto') diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index a597f5c5a222..39aecad286fe 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c @@ -57,6 +57,8 @@ struct key *find_asymmetric_key(struct key *keyring, char *req, *p; int len; + BUG_ON(!id_0 && !id_1); + if (id_0) { lookup = id_0->data; len = id_0->len; -- cgit v1.2.3 From 68a1fdbbf8bd3378325e45c19e167a165f9ffc3a Mon Sep 17 00:00:00 2001 From: Eric Sesterhenn Date: Sun, 8 Oct 2017 20:02:32 +0200 Subject: pkcs7: Prevent NULL pointer dereference, since sinfo is not always set. The ASN.1 parser does not necessarily set the sinfo field, this patch prevents a NULL pointer dereference on broken input. Fixes: 99db44350672 ("PKCS#7: Appropriately restrict authenticated attributes and content type") Signed-off-by: Eric Sesterhenn Signed-off-by: David Howells cc: stable@vger.kernel.org # 4.3+ --- crypto/asymmetric_keys/pkcs7_parser.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'crypto') diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c index af4cd8649117..d140d8bb2c96 100644 --- a/crypto/asymmetric_keys/pkcs7_parser.c +++ b/crypto/asymmetric_keys/pkcs7_parser.c @@ -88,6 +88,9 @@ static int pkcs7_check_authattrs(struct pkcs7_message *msg) bool want = false; sinfo = msg->signed_infos; + if (!sinfo) + goto inconsistent; + if (sinfo->authattrs) { want = true; msg->have_authattrs = true; -- cgit v1.2.3