aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2011-09-20 11:23:52 -0400
committerMimi Zohar <zohar@linux.vnet.ibm.com>2011-09-20 23:26:05 -0400
commit2684bf7f29cfb13ef2c60f3b3a53ee47d0db7022 (patch)
treebbdc0709c643e58a22443ab086c6e4aa80329e17 /security/keys
parentb78049831ffed65f0b4e61f69df14f3ab17922cb (diff)
trusted-keys: check hex2bin result
For each hex2bin call in trusted keys, check that the ascii hex string is valid. On failure, return -EINVAL. Changelog v1: - hex2bin now returns an int Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Diffstat (limited to 'security/keys')
-rw-r--r--security/keys/trusted.c19
1 files changed, 15 insertions, 4 deletions
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 0c33e2ea1f3c..0964fc236946 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -779,7 +779,10 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
779 opt->pcrinfo_len = strlen(args[0].from) / 2; 779 opt->pcrinfo_len = strlen(args[0].from) / 2;
780 if (opt->pcrinfo_len > MAX_PCRINFO_SIZE) 780 if (opt->pcrinfo_len > MAX_PCRINFO_SIZE)
781 return -EINVAL; 781 return -EINVAL;
782 hex2bin(opt->pcrinfo, args[0].from, opt->pcrinfo_len); 782 res = hex2bin(opt->pcrinfo, args[0].from,
783 opt->pcrinfo_len);
784 if (res < 0)
785 return -EINVAL;
783 break; 786 break;
784 case Opt_keyhandle: 787 case Opt_keyhandle:
785 res = strict_strtoul(args[0].from, 16, &handle); 788 res = strict_strtoul(args[0].from, 16, &handle);
@@ -791,12 +794,18 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
791 case Opt_keyauth: 794 case Opt_keyauth:
792 if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE) 795 if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
793 return -EINVAL; 796 return -EINVAL;
794 hex2bin(opt->keyauth, args[0].from, SHA1_DIGEST_SIZE); 797 res = hex2bin(opt->keyauth, args[0].from,
798 SHA1_DIGEST_SIZE);
799 if (res < 0)
800 return -EINVAL;
795 break; 801 break;
796 case Opt_blobauth: 802 case Opt_blobauth:
797 if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE) 803 if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
798 return -EINVAL; 804 return -EINVAL;
799 hex2bin(opt->blobauth, args[0].from, SHA1_DIGEST_SIZE); 805 res = hex2bin(opt->blobauth, args[0].from,
806 SHA1_DIGEST_SIZE);
807 if (res < 0)
808 return -EINVAL;
800 break; 809 break;
801 case Opt_migratable: 810 case Opt_migratable:
802 if (*args[0].from == '0') 811 if (*args[0].from == '0')
@@ -860,7 +869,9 @@ static int datablob_parse(char *datablob, struct trusted_key_payload *p,
860 p->blob_len = strlen(c) / 2; 869 p->blob_len = strlen(c) / 2;
861 if (p->blob_len > MAX_BLOB_SIZE) 870 if (p->blob_len > MAX_BLOB_SIZE)
862 return -EINVAL; 871 return -EINVAL;
863 hex2bin(p->blob, c, p->blob_len); 872 ret = hex2bin(p->blob, c, p->blob_len);
873 if (ret < 0)
874 return -EINVAL;
864 ret = getoptions(datablob, p, o); 875 ret = getoptions(datablob, p, o);
865 if (ret < 0) 876 if (ret < 0)
866 return ret; 877 return ret;