Merge branch 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem fixes from James Morris:

 - Smack: fix a regression caused by 1bbc55131e5

 - X.509: fix a (usually un-seen) bug in RSA signature parsing

* 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  X.509: unpack RSA signatureValue field from BIT STRING
  Smack: Mark inode instant in smack_task_to_inode

2 files changed, 10 insertions, 0 deletions

diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 7d81e6bb461a..b6cabac4b62b 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -249,6 +249,15 @@ int x509_note_signature(void *context, size_t hdrlen,
                 return -EINVAL;
         }
 
+        if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) {
+                /* Discard the BIT STRING metadata */
+                if (vlen < 1 || *(const u8 *)value != 0)
+                        return -EBADMSG;
+
+                value++;
+                vlen--;
+        }
+
         ctx->cert->raw_sig = value;
         ctx->cert->raw_sig_size = vlen;
         return 0;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 7ad226018f51..19de675d4504 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2296,6 +2296,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
         struct smack_known *skp = smk_of_task_struct(p);
 
         isp->smk_inode = skp;
+        isp->smk_flags |= SMK_INODE_INSTANT;
 }
 
 /*