evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/crypto/asymmetric_keys
History
Exact
Eric Biggers 2c2e4b7d27 X.509: reject invalid BIT STRING for subjectPublicKey 
commit 0f30cbea005bd3077bd98cd29277d7fc2699c1da upstream.

Adding a specially crafted X.509 certificate whose subjectPublicKey
ASN.1 value is zero-length caused x509_extract_key_data() to set the
public key size to SIZE_MAX, as it subtracted the nonexistent BIT STRING
metadata byte.  Then, x509_cert_parse() called kmemdup() with that bogus
size, triggering the WARN_ON_ONCE() in kmalloc_slab().

This appears to be harmless, but it still must be fixed since WARNs are
never supposed to be user-triggerable.

Fix it by updating x509_cert_parse() to validate that the value has a
BIT STRING metadata byte, and that the byte is 0 which indicates that
the number of bits in the bitstring is a multiple of 8.

It would be nice to handle the metadata byte in asn1_ber_decoder()
instead.  But that would be tricky because in the general case a BIT
STRING could be implicitly tagged, and/or could legitimately have a
length that is not a whole number of bytes.

Here was the WARN (cleaned up slightly):

    WARNING: CPU: 1 PID: 202 at mm/slab_common.c:971 kmalloc_slab+0x5d/0x70 mm/slab_common.c:971
    Modules linked in:
    CPU: 1 PID: 202 Comm: keyctl Tainted: G    B            4.14.0-09238-g1d3b78bbc6e9 #26
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
    task: ffff880033014180 task.stack: ffff8800305c8000
    Call Trace:
     __do_kmalloc mm/slab.c:3706 [inline]
     __kmalloc_track_caller+0x22/0x2e0 mm/slab.c:3726
     kmemdup+0x17/0x40 mm/util.c:118
     kmemdup include/linux/string.h:414 [inline]
     x509_cert_parse+0x2cb/0x620 crypto/asymmetric_keys/x509_cert_parser.c:106
     x509_key_preparse+0x61/0x750 crypto/asymmetric_keys/x509_public_key.c:174
     asymmetric_key_preparse+0xa4/0x150 crypto/asymmetric_keys/asymmetric_type.c:388
     key_create_or_update+0x4d4/0x10a0 security/keys/key.c:850
     SYSC_add_key security/keys/keyctl.c:122 [inline]
     SyS_add_key+0xe8/0x290 security/keys/keyctl.c:62
     entry_SYSCALL_64_fastpath+0x1f/0x96

Fixes: 42d5ec27f8 ("X.509: Add an ASN.1 decoder")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-16 10:33:48 +01:00
..
.gitignore X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30
asymmetric_keys.h KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
asymmetric_type.c KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
Kconfig crypto: public_key: select CRYPTO_AKCIPHER 2016-06-24 10:18:19 -07:00
Makefile X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
mscode_parser.c PKCS#7: Add OIDs for sha224, sha284 and sha512 hash algos and use them 2015-09-01 09:59:20 +10:00
pkcs7.asn1 PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
pkcs7_key_type.c PKCS#7: Add MODULE_LICENSE() to test module 2015-08-13 02:51:33 +01:00
pkcs7_parser.c PKCS#7: fix unitialized boolean 'want' 2017-11-15 17:13:14 +01:00
pkcs7_parser.h PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
pkcs7_trust.c PKCS#7: pkcs7_validate_trust(): initialize the _trusted output argument 2016-04-20 15:41:52 +09:00
pkcs7_verify.c crypto: pkcs7 - Fix unaligned access in pkcs7_verify() 2015-10-14 22:23:38 +08:00
public_key.c KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
public_key.h KEYS: Split public_key_verify_signature() and make available 2013-09-25 17:17:00 +01:00
rsa.c crypto: asymmetric_keys/rsa - Use non-conflicting variable name 2015-06-25 23:18:33 +08:00
signature.c KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
verify_pefile.c PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
verify_pefile.h pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
x509.asn1 X.509: Add bits needed for PKCS#7 2014-07-01 16:40:19 +01:00
x509_akid.asn1 X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_cert_parser.c X.509: reject invalid BIT STRING for subjectPublicKey 2017-12-16 10:33:48 +01:00
x509_parser.h KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
x509_public_key.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2015-11-05 15:32:38 -08:00
x509_rsakey.asn1 X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30