author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-26 11:44:15 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-26 11:44:15 -0400 |
commit | 813835028e9ae1f18cd11bb0ec591d0f0577d96a (patch) | |
tree | 5c91429f5cb9f0615ca8dbf2406984583ec27deb | |
parent | 84bfed40fc25dd052620398fdcc19d8c77f02270 (diff) | |
parent | b65c32ec5a942ab3ada93a048089a938918aba7f (diff) |
Merge branch 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem fixes from James Morris:
- Smack: fix a regression caused by 1bbc55131e5
- X.509: fix a (usually un-seen) bug in RSA signature parsing
* 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
X.509: unpack RSA signatureValue field from BIT STRING
Smack: Mark inode instant in smack_task_to_inode
-rw-r--r-- | crypto/asymmetric_keys/x509_cert_parser.c | 9 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 1 |
2 files changed, 10 insertions, 0 deletions
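--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -249,6 +249,15 @@ int x509_note_signature(void *context, size_t hdrlen,
 return -EINVAL;
 }
 
+if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) {
+/* Discard the BIT STRING metadata */
+if (vlen < 1 || *(const u8 *)value != 0)
+return -EBADMSG;
+
+value++;
+vlen--;
+}
+
 ctx->cert->raw_sig = value;
 ctx->cert->raw_sig_size = vlen;
 return 0;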
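Review bot: The comment `/* Discard the BIT STRING metadata */` in the added RSA branch does not say what the skipped octet is or why a non-zero value returns -EBADMSG. In DER the first content octet of a BIT STRING is the count of unused bits, so I would write `/* BIT STRING: first octet is the unused-bits count; an RSA signature is whole octets, so it must be 0 */`. Note also that `vlen == 1` passes the check and leaves `raw_sig_size` at 0; whether an empty signature is rejected later is not visible in this hunk and is worth confirming. Signature algorithms other than "rsa" keep the leading octet in `raw_sig`, which looks intentional but deserves a word in the same comment. x509_note_signature begins before the hunk.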
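--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2296,6 +2296,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
 struct smack_known *skp = smk_of_task_struct(p);
 
 isp->smk_inode = skp;
+isp->smk_flags |= SMK_INODE_INSTANT;
 }
 
 /*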
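Review bot: The added `isp->smk_flags |= SMK_INODE_INSTANT;` has no comment, and the reason for setting the flag here is only recoverable from the commit title. A one-line comment such as `/* label is taken from the task; mark the inode as initialised so it is not labelled again */` would help, assuming that is what the flag means to the rest of the file. The `|=` is also a plain read-modify-write on `smk_flags` with no lock visible in the hunk; the start of smack_task_to_inode's body is outside the hunk, so confirm whether callers serialise it.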