KEYS: fix "ca_keys=" partial key matching

The call to asymmetric_key_hex_to_key_id() from ca_keys_setup() silently fails with -ENOMEM. Instead of dynamically allocating memory from a __setup function, this patch defines a variable and calls __asymmetric_key_hex_to_key_id(), a new helper function, directly. This bug was introduced by 'commit 46963b774d44 ("KEYS: Overhaul key identification when searching for asymmetric keys")'. Changelog: - for clarification, rename hexlen to asciihexlen in asymmetric_key_hex_to_key_id() - add size argument to __asymmetric_key_hex_to_key_id() - David Howells - inline __asymmetric_key_hex_to_key_id() - David Howells - remove duplicate strlen() calls Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: stable@vger.kernel.org # 3.18
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-02-11 07:33:34 -0500
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-05-21 13:58:59 -0400
commit: f2b3dee484f9cee967a54ef05a66866282337519 (patch)
tree: 98af0f7b105fe0971aec9583180c4047ba621c90 /crypto/asymmetric_keys
parent: 7c51bb00c40e5608fb2cdac5230f51aeb56a28df (diff)
3 files changed, 35 insertions, 11 deletions
diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h
index f97330886d58..3f5b537ab33e 100644
--- a/crypto/asymmetric_keys/asymmetric_keys.h
+++ b/crypto/asymmetric_keys/asymmetric_keys.h
@@ -11,6 +11,9 @@
 extern struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id);
+extern int __asymmetric_key_hex_to_key_id(const char *id,
+                                          struct asymmetric_key_id *match_id,
+                                          size_t hexlen);
 static inline
 const struct asymmetric_key_ids *asymmetric_key_ids(const struct key *key)
 {
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index bcbbbd794e1d..b0e4ed23d668 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -104,6 +104,15 @@ static bool asymmetric_match_key_ids(
        return false;
 }
+/* helper function can be called directly with pre-allocated memory */
+inline int __asymmetric_key_hex_to_key_id(const char *id,
+                                   struct asymmetric_key_id *match_id,
+                                   size_t hexlen)
+{
+        match_id->len = hexlen;
+        return hex2bin(match_id->data, id, hexlen);
+}
 /**
 * asymmetric_key_hex_to_key_id - Convert a hex string into a key ID.
 * @id: The ID as a hex string.
@@ -111,21 +120,20 @@ static bool asymmetric_match_key_ids(
 struct asymmetric_key_id *asymmetric_key_hex_to_key_id(const char *id)
 {
        struct asymmetric_key_id *match_id;
-        size_t hexlen;
+        size_t asciihexlen;
        int ret;
        if (!*id)
                return ERR_PTR(-EINVAL);
-        hexlen = strlen(id);
+        asciihexlen = strlen(id);
-        if (hexlen & 1)
+        if (asciihexlen & 1)
                return ERR_PTR(-EINVAL);
-        match_id = kmalloc(sizeof(struct asymmetric_key_id) + hexlen / 2,
+        match_id = kmalloc(sizeof(struct asymmetric_key_id) + asciihexlen / 2,
                           GFP_KERNEL);
        if (!match_id)
                return ERR_PTR(-ENOMEM);
-        match_id->len = hexlen / 2;
+        ret = __asymmetric_key_hex_to_key_id(id, match_id, asciihexlen / 2);
-        ret = hex2bin(match_id->data, id, hexlen / 2);
        if (ret < 0) {
                kfree(match_id);
                return ERR_PTR(-EINVAL);
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index a6c42031628e..24f17e6c5904 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -28,17 +28,30 @@ static bool use_builtin_keys;
 static struct asymmetric_key_id *ca_keyid;
 #ifndef MODULE
+static struct {
+        struct asymmetric_key_id id;
+        unsigned char data[10];
+} cakey;
 static int __init ca_keys_setup(char *str)
 {
        if (!str)               /* default system keyring */
                return 1;
        if (strncmp(str, "id:", 3) == 0) {
-                struct asymmetric_key_id *p;
+                struct asymmetric_key_id *p = &cakey.id;
-                p = asymmetric_key_hex_to_key_id(str + 3);
+                size_t hexlen = (strlen(str) - 3) / 2;
-                if (p == ERR_PTR(-EINVAL))
+                int ret;
-                        pr_err("Unparsable hex string in ca_keys\n");
-                else if (!IS_ERR(p))
+                if (hexlen == 0 || hexlen > sizeof(cakey.data)) {
+                        pr_err("Missing or invalid ca_keys id\n");
+                        return 1;
+                }
+                ret = __asymmetric_key_hex_to_key_id(str + 3, p, hexlen);
+                if (ret < 0)
+                        pr_err("Unparsable ca_keys id hex string\n");
+                else
                        ca_keyid = p;   /* owner key 'id:xxxxxx' */
        } else if (strcmp(str, "builtin") == 0) {
                use_builtin_keys = true;
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2015-02-11 07:33:34 -0500
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2015-05-21 13:58:59 -0400
commit	f2b3dee484f9cee967a54ef05a66866282337519 (patch)
tree	98af0f7b105fe0971aec9583180c4047ba621c90 /crypto/asymmetric_keys
parent	7c51bb00c40e5608fb2cdac5230f51aeb56a28df (diff)

diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h index f97330886d58..3f5b537ab33e 100644 --- a/crypto/asymmetric_keys/asymmetric_keys.h +++ b/crypto/asymmetric_keys/asymmetric_keys.h
@@ -11,6 +11,9 @@
11		11
12	extern struct asymmetric_key_id asymmetric_key_hex_to_key_id(const char id);	12	extern struct asymmetric_key_id asymmetric_key_hex_to_key_id(const char id);
13		13
		14	extern int __asymmetric_key_hex_to_key_id(const char *id,
		15	struct asymmetric_key_id *match_id,
		16	size_t hexlen);
14	static inline	17	static inline
15	const struct asymmetric_key_ids asymmetric_key_ids(const struct key key)	18	const struct asymmetric_key_ids asymmetric_key_ids(const struct key key)
16	{	19	{


diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index bcbbbd794e1d..b0e4ed23d668 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -104,6 +104,15 @@ static bool asymmetric_match_key_ids(
104	return false;	104	return false;
105	}	105	}
106		106
		107	/* helper function can be called directly with pre-allocated memory */
		108	inline int __asymmetric_key_hex_to_key_id(const char *id,
		109	struct asymmetric_key_id *match_id,
		110	size_t hexlen)
		111	{
		112	match_id->len = hexlen;
		113	return hex2bin(match_id->data, id, hexlen);
		114	}
		115
107	/**	116	/**
108	* asymmetric_key_hex_to_key_id - Convert a hex string into a key ID.	117	* asymmetric_key_hex_to_key_id - Convert a hex string into a key ID.
109	* @id: The ID as a hex string.	118	* @id: The ID as a hex string.
@@ -111,21 +120,20 @@ static bool asymmetric_match_key_ids(
111	struct asymmetric_key_id asymmetric_key_hex_to_key_id(const char id)	120	struct asymmetric_key_id asymmetric_key_hex_to_key_id(const char id)
112	{	121	{
113	struct asymmetric_key_id *match_id;	122	struct asymmetric_key_id *match_id;
114	size_t hexlen;	123	size_t asciihexlen;
115	int ret;	124	int ret;
116		125
117	if (!*id)	126	if (!*id)
118	return ERR_PTR(-EINVAL);	127	return ERR_PTR(-EINVAL);
119	hexlen = strlen(id);	128	asciihexlen = strlen(id);
120	if (hexlen & 1)	129	if (asciihexlen & 1)
121	return ERR_PTR(-EINVAL);	130	return ERR_PTR(-EINVAL);
122		131
123	match_id = kmalloc(sizeof(struct asymmetric_key_id) + hexlen / 2,	132	match_id = kmalloc(sizeof(struct asymmetric_key_id) + asciihexlen / 2,
124	GFP_KERNEL);	133	GFP_KERNEL);
125	if (!match_id)	134	if (!match_id)
126	return ERR_PTR(-ENOMEM);	135	return ERR_PTR(-ENOMEM);
127	match_id->len = hexlen / 2;	136	ret = __asymmetric_key_hex_to_key_id(id, match_id, asciihexlen / 2);
128	ret = hex2bin(match_id->data, id, hexlen / 2);
129	if (ret < 0) {	137	if (ret < 0) {
130	kfree(match_id);	138	kfree(match_id);
131	return ERR_PTR(-EINVAL);	139	return ERR_PTR(-EINVAL);


diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index a6c42031628e..24f17e6c5904 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -28,17 +28,30 @@ static bool use_builtin_keys;
28	static struct asymmetric_key_id *ca_keyid;	28	static struct asymmetric_key_id *ca_keyid;
29		29
30	#ifndef MODULE	30	#ifndef MODULE
		31	static struct {
		32	struct asymmetric_key_id id;
		33	unsigned char data[10];
		34	} cakey;
		35
31	static int __init ca_keys_setup(char *str)	36	static int __init ca_keys_setup(char *str)
32	{	37	{
33	if (!str) /* default system keyring */	38	if (!str) /* default system keyring */
34	return 1;	39	return 1;
35		40
36	if (strncmp(str, "id:", 3) == 0) {	41	if (strncmp(str, "id:", 3) == 0) {
37	struct asymmetric_key_id *p;	42	struct asymmetric_key_id *p = &cakey.id;
38	p = asymmetric_key_hex_to_key_id(str + 3);	43	size_t hexlen = (strlen(str) - 3) / 2;
39	if (p == ERR_PTR(-EINVAL))	44	int ret;
40	pr_err("Unparsable hex string in ca_keys\n");	45
41	else if (!IS_ERR(p))	46	if (hexlen == 0 \|\| hexlen > sizeof(cakey.data)) {
		47	pr_err("Missing or invalid ca_keys id\n");
		48	return 1;
		49	}
		50
		51	ret = __asymmetric_key_hex_to_key_id(str + 3, p, hexlen);
		52	if (ret < 0)
		53	pr_err("Unparsable ca_keys id hex string\n");
		54	else
42	ca_keyid = p; /* owner key 'id:xxxxxx' */	55	ca_keyid = p; /* owner key 'id:xxxxxx' */
43	} else if (strcmp(str, "builtin") == 0) {	56	} else if (strcmp(str, "builtin") == 0) {
44	use_builtin_keys = true;	57	use_builtin_keys = true;