diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/Kconfig | 7 | ||||
| -rw-r--r-- | security/keys/compat_dh.c | 2 | ||||
| -rw-r--r-- | security/keys/dh.c | 5 | ||||
| -rw-r--r-- | security/keys/internal.h | 2 |
4 files changed, 15 insertions, 1 deletions
diff --git a/security/Kconfig b/security/Kconfig index d540bfe73190..e8e449444e65 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
| @@ -163,6 +163,13 @@ config HARDENED_USERCOPY_PAGESPAN | |||
| 163 | been removed. This config is intended to be used only while | 163 | been removed. This config is intended to be used only while |
| 164 | trying to find such users. | 164 | trying to find such users. |
| 165 | 165 | ||
| 166 | config FORTIFY_SOURCE | ||
| 167 | bool "Harden common str/mem functions against buffer overflows" | ||
| 168 | depends on ARCH_HAS_FORTIFY_SOURCE | ||
| 169 | help | ||
| 170 | Detect overflows of buffers in common string and memory functions | ||
| 171 | where the compiler can determine and validate the buffer sizes. | ||
| 172 | |||
| 166 | config STATIC_USERMODEHELPER | 173 | config STATIC_USERMODEHELPER |
| 167 | bool "Force all usermode helper calls through a single binary" | 174 | bool "Force all usermode helper calls through a single binary" |
| 168 | help | 175 | help |
diff --git a/security/keys/compat_dh.c b/security/keys/compat_dh.c index a6a659b6bcb6..aa6b34cafe5f 100644 --- a/security/keys/compat_dh.c +++ b/security/keys/compat_dh.c | |||
| @@ -33,6 +33,8 @@ long compat_keyctl_dh_compute(struct keyctl_dh_params __user *params, | |||
| 33 | kdfcopy.hashname = compat_ptr(compat_kdfcopy.hashname); | 33 | kdfcopy.hashname = compat_ptr(compat_kdfcopy.hashname); |
| 34 | kdfcopy.otherinfo = compat_ptr(compat_kdfcopy.otherinfo); | 34 | kdfcopy.otherinfo = compat_ptr(compat_kdfcopy.otherinfo); |
| 35 | kdfcopy.otherinfolen = compat_kdfcopy.otherinfolen; | 35 | kdfcopy.otherinfolen = compat_kdfcopy.otherinfolen; |
| 36 | memcpy(kdfcopy.__spare, compat_kdfcopy.__spare, | ||
| 37 | sizeof(kdfcopy.__spare)); | ||
| 36 | 38 | ||
| 37 | return __keyctl_dh_compute(params, buffer, buflen, &kdfcopy); | 39 | return __keyctl_dh_compute(params, buffer, buflen, &kdfcopy); |
| 38 | } | 40 | } |
diff --git a/security/keys/dh.c b/security/keys/dh.c index 4755d4b4f945..d1ea9f325f94 100644 --- a/security/keys/dh.c +++ b/security/keys/dh.c | |||
| @@ -266,6 +266,11 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params, | |||
| 266 | if (kdfcopy) { | 266 | if (kdfcopy) { |
| 267 | char *hashname; | 267 | char *hashname; |
| 268 | 268 | ||
| 269 | if (memchr_inv(kdfcopy->__spare, 0, sizeof(kdfcopy->__spare))) { | ||
| 270 | ret = -EINVAL; | ||
| 271 | goto out1; | ||
| 272 | } | ||
| 273 | |||
| 269 | if (buflen > KEYCTL_KDF_MAX_OUTPUT_LEN || | 274 | if (buflen > KEYCTL_KDF_MAX_OUTPUT_LEN || |
| 270 | kdfcopy->otherinfolen > KEYCTL_KDF_MAX_OI_LEN) { | 275 | kdfcopy->otherinfolen > KEYCTL_KDF_MAX_OI_LEN) { |
| 271 | ret = -EMSGSIZE; | 276 | ret = -EMSGSIZE; |
diff --git a/security/keys/internal.h b/security/keys/internal.h index 91bc6214ae57..1c02c6547038 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h | |||
| @@ -198,7 +198,7 @@ struct request_key_auth { | |||
| 198 | void *callout_info; | 198 | void *callout_info; |
| 199 | size_t callout_len; | 199 | size_t callout_len; |
| 200 | pid_t pid; | 200 | pid_t pid; |
| 201 | }; | 201 | } __randomize_layout; |
| 202 | 202 | ||
| 203 | extern struct key_type key_type_request_key_auth; | 203 | extern struct key_type key_type_request_key_auth; |
| 204 | extern struct key *request_key_auth_new(struct key *target, | 204 | extern struct key *request_key_auth_new(struct key *target, |