diff options
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-09-20 11:23:52 -0400 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-09-20 23:26:05 -0400 |
| commit | 2684bf7f29cfb13ef2c60f3b3a53ee47d0db7022 (patch) | |
| tree | bbdc0709c643e58a22443ab086c6e4aa80329e17 | |
| parent | b78049831ffed65f0b4e61f69df14f3ab17922cb (diff) | |
trusted-keys: check hex2bin result
For each hex2bin call in trusted keys, check that the ascii hex string is
valid. On failure, return -EINVAL.
Changelog v1:
- hex2bin now returns an int
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com>
| -rw-r--r-- | security/keys/trusted.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/security/keys/trusted.c b/security/keys/trusted.c index 0c33e2ea1f3..0964fc23694 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c | |||
| @@ -779,7 +779,10 @@ static int getoptions(char *c, struct trusted_key_payload *pay, | |||
| 779 | opt->pcrinfo_len = strlen(args[0].from) / 2; | 779 | opt->pcrinfo_len = strlen(args[0].from) / 2; |
| 780 | if (opt->pcrinfo_len > MAX_PCRINFO_SIZE) | 780 | if (opt->pcrinfo_len > MAX_PCRINFO_SIZE) |
| 781 | return -EINVAL; | 781 | return -EINVAL; |
| 782 | hex2bin(opt->pcrinfo, args[0].from, opt->pcrinfo_len); | 782 | res = hex2bin(opt->pcrinfo, args[0].from, |
| 783 | opt->pcrinfo_len); | ||
| 784 | if (res < 0) | ||
| 785 | return -EINVAL; | ||
| 783 | break; | 786 | break; |
| 784 | case Opt_keyhandle: | 787 | case Opt_keyhandle: |
| 785 | res = strict_strtoul(args[0].from, 16, &handle); | 788 | res = strict_strtoul(args[0].from, 16, &handle); |
| @@ -791,12 +794,18 @@ static int getoptions(char *c, struct trusted_key_payload *pay, | |||
| 791 | case Opt_keyauth: | 794 | case Opt_keyauth: |
| 792 | if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE) | 795 | if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE) |
| 793 | return -EINVAL; | 796 | return -EINVAL; |
| 794 | hex2bin(opt->keyauth, args[0].from, SHA1_DIGEST_SIZE); | 797 | res = hex2bin(opt->keyauth, args[0].from, |
| 798 | SHA1_DIGEST_SIZE); | ||
| 799 | if (res < 0) | ||
| 800 | return -EINVAL; | ||
| 795 | break; | 801 | break; |
| 796 | case Opt_blobauth: | 802 | case Opt_blobauth: |
| 797 | if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE) | 803 | if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE) |
| 798 | return -EINVAL; | 804 | return -EINVAL; |
| 799 | hex2bin(opt->blobauth, args[0].from, SHA1_DIGEST_SIZE); | 805 | res = hex2bin(opt->blobauth, args[0].from, |
| 806 | SHA1_DIGEST_SIZE); | ||
| 807 | if (res < 0) | ||
| 808 | return -EINVAL; | ||
| 800 | break; | 809 | break; |
| 801 | case Opt_migratable: | 810 | case Opt_migratable: |
| 802 | if (*args[0].from == '0') | 811 | if (*args[0].from == '0') |
| @@ -860,7 +869,9 @@ static int datablob_parse(char *datablob, struct trusted_key_payload *p, | |||
| 860 | p->blob_len = strlen(c) / 2; | 869 | p->blob_len = strlen(c) / 2; |
| 861 | if (p->blob_len > MAX_BLOB_SIZE) | 870 | if (p->blob_len > MAX_BLOB_SIZE) |
| 862 | return -EINVAL; | 871 | return -EINVAL; |
| 863 | hex2bin(p->blob, c, p->blob_len); | 872 | ret = hex2bin(p->blob, c, p->blob_len); |
| 873 | if (ret < 0) | ||
| 874 | return -EINVAL; | ||
| 864 | ret = getoptions(datablob, p, o); | 875 | ret = getoptions(datablob, p, o); |
| 865 | if (ret < 0) | 876 | if (ret < 0) |
| 866 | return ret; | 877 | return ret; |