tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull key fixes from James Morris:

- fix a buffer overflow when displaying /proc/keys [CVE-2016-7042].

- fix broken initialisation in the big_key implementation that can
result in an oops.

- make big_key depend on having a random number generator available in
Kconfig.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
security/keys: make BIG_KEYS dependent on stdrng.
KEYS: Sort out big_key initialisation
KEYS: Fix short sprintf buffer in /proc/keys show function

Linus Torvalds 43937003 14970f20

+34 -29
+1 -1
security/keys/Kconfig
··· 41 41 bool "Large payload keys" 42 42 depends on KEYS 43 43 depends on TMPFS 44 - select CRYPTO 44 + depends on (CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y) 45 45 select CRYPTO_AES 46 46 select CRYPTO_ECB 47 47 select CRYPTO_RNG
+32 -27
security/keys/big_key.c
··· 9 9 * 2 of the Licence, or (at your option) any later version. 10 10 */ 11 11 12 + #define pr_fmt(fmt) "big_key: "fmt 12 13 #include <linux/init.h> 13 14 #include <linux/seq_file.h> 14 15 #include <linux/file.h> ··· 342 341 */ 343 342 static int __init big_key_init(void) 344 343 { 345 - return register_key_type(&key_type_big_key); 346 - } 344 + struct crypto_skcipher *cipher; 345 + struct crypto_rng *rng; 346 + int ret; 347 347 348 - /* 349 - * Initialize big_key crypto and RNG algorithms 350 - */ 351 - static int __init big_key_crypto_init(void) 352 - { 353 - int ret = -EINVAL; 354 - 355 - /* init RNG */ 356 - big_key_rng = crypto_alloc_rng(big_key_rng_name, 0, 0); 357 - if (IS_ERR(big_key_rng)) { 358 - big_key_rng = NULL; 359 - return -EFAULT; 348 + rng = crypto_alloc_rng(big_key_rng_name, 0, 0); 349 + if (IS_ERR(rng)) { 350 + pr_err("Can't alloc rng: %ld\n", PTR_ERR(rng)); 351 + return PTR_ERR(rng); 360 352 } 361 353 354 + big_key_rng = rng; 355 + 362 356 /* seed RNG */ 363 - ret = crypto_rng_reset(big_key_rng, NULL, crypto_rng_seedsize(big_key_rng)); 364 - if (ret) 365 - goto error; 357 + ret = crypto_rng_reset(rng, NULL, crypto_rng_seedsize(rng)); 358 + if (ret) { 359 + pr_err("Can't reset rng: %d\n", ret); 360 + goto error_rng; 361 + } 366 362 367 363 /* init block cipher */ 368 - big_key_skcipher = crypto_alloc_skcipher(big_key_alg_name, 369 - 0, CRYPTO_ALG_ASYNC); 370 - if (IS_ERR(big_key_skcipher)) { 371 - big_key_skcipher = NULL; 372 - ret = -EFAULT; 373 - goto error; 364 + cipher = crypto_alloc_skcipher(big_key_alg_name, 0, CRYPTO_ALG_ASYNC); 365 + if (IS_ERR(cipher)) { 366 + ret = PTR_ERR(cipher); 367 + pr_err("Can't alloc crypto: %d\n", ret); 368 + goto error_rng; 369 + } 370 + 371 + big_key_skcipher = cipher; 372 + 373 + ret = register_key_type(&key_type_big_key); 374 + if (ret < 0) { 375 + pr_err("Can't register type: %d\n", ret); 376 + goto error_cipher; 374 377 } 375 378 376 379 return 0; 377 380 378 - error: 381 + error_cipher: 382 + crypto_free_skcipher(big_key_skcipher); 383 + error_rng: 379 384 crypto_free_rng(big_key_rng); 380 - big_key_rng = NULL; 381 385 return ret; 382 386 } 383 387 384 - device_initcall(big_key_init); 385 - late_initcall(big_key_crypto_init); 388 + late_initcall(big_key_init);
+1 -1
security/keys/proc.c
··· 181 181 struct timespec now; 182 182 unsigned long timo; 183 183 key_ref_t key_ref, skey_ref; 184 - char xbuf[12]; 184 + char xbuf[16]; 185 185 int rc; 186 186 187 187 struct keyring_search_context ctx = {