evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/crypto
History
Eric Biggers 2c2e4b7d27 X.509: reject invalid BIT STRING for subjectPublicKey 
commit 0f30cbea005bd3077bd98cd29277d7fc2699c1da upstream.

Adding a specially crafted X.509 certificate whose subjectPublicKey
ASN.1 value is zero-length caused x509_extract_key_data() to set the
public key size to SIZE_MAX, as it subtracted the nonexistent BIT STRING
metadata byte.  Then, x509_cert_parse() called kmemdup() with that bogus
size, triggering the WARN_ON_ONCE() in kmalloc_slab().

This appears to be harmless, but it still must be fixed since WARNs are
never supposed to be user-triggerable.

Fix it by updating x509_cert_parse() to validate that the value has a
BIT STRING metadata byte, and that the byte is 0 which indicates that
the number of bits in the bitstring is a multiple of 8.

It would be nice to handle the metadata byte in asn1_ber_decoder()
instead.  But that would be tricky because in the general case a BIT
STRING could be implicitly tagged, and/or could legitimately have a
length that is not a whole number of bytes.

Here was the WARN (cleaned up slightly):

    WARNING: CPU: 1 PID: 202 at mm/slab_common.c:971 kmalloc_slab+0x5d/0x70 mm/slab_common.c:971
    Modules linked in:
    CPU: 1 PID: 202 Comm: keyctl Tainted: G    B            4.14.0-09238-g1d3b78bbc6e9 #26
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
    task: ffff880033014180 task.stack: ffff8800305c8000
    Call Trace:
     __do_kmalloc mm/slab.c:3706 [inline]
     __kmalloc_track_caller+0x22/0x2e0 mm/slab.c:3726
     kmemdup+0x17/0x40 mm/util.c:118
     kmemdup include/linux/string.h:414 [inline]
     x509_cert_parse+0x2cb/0x620 crypto/asymmetric_keys/x509_cert_parser.c:106
     x509_key_preparse+0x61/0x750 crypto/asymmetric_keys/x509_public_key.c:174
     asymmetric_key_preparse+0xa4/0x150 crypto/asymmetric_keys/asymmetric_type.c:388
     key_create_or_update+0x4d4/0x10a0 security/keys/key.c:850
     SYSC_add_key security/keys/keyctl.c:122 [inline]
     SyS_add_key+0xe8/0x290 security/keys/keyctl.c:62
     entry_SYSCALL_64_fastpath+0x1f/0x96

Fixes: 42d5ec27f8 ("X.509: Add an ASN.1 decoder")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-16 10:33:48 +01:00
..
asymmetric_keys X.509: reject invalid BIT STRING for subjectPublicKey 2017-12-16 10:33:48 +01:00
async_tx async_pq_val: fix DMA memory leak 2016-10-22 12:26:55 +02:00
.gitignore crypto: rsa - add .gitignore for crypto/*.-asn1.[ch] files 2015-06-25 23:29:24 +08:00
842.c crypto: 842 - change 842 alg to use software 2015-05-11 15:06:43 +08:00
ablk_helper.c crypto: cryptd - process CRYPTO_ALG_INTERNAL 2015-03-31 21:21:04 +08:00
ablkcipher.c crypto: skcipher - Copy iv from desc even for 0-len walks 2015-12-09 20:16:22 +08:00
aead.c crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag 2015-08-17 16:53:53 +08:00
aes_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
af_alg.c crypto: af_alg - Forbid bind(2) when nokey child sockets are present 2016-02-17 12:31:04 -08:00
ahash.c crypto: ahash - Fix EINPROGRESS notification callback 2017-04-21 09:30:06 +02:00
akcipher.c crypto: akcipher - Don't #include crypto/public_key.h as the contents aren't used 2015-10-20 22:14:01 +08:00
algapi.c crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg 2017-02-09 08:02:44 +01:00
algboss.c crypto: algboss - Remove reference to nivaead 2015-08-17 16:53:41 +08:00
algif_aead.c crypto: algif_aead - Require setkey before accept(2) 2017-05-20 14:27:00 +02:00
algif_hash.c crypto: algif_hash - avoid zero-sized array 2017-03-30 09:35:20 +02:00
algif_rng.c crypto: algif_rng - Remove obsolete const-removal cast 2015-04-22 09:30:21 +08:00
algif_skcipher.c crypto: AF_ALG - remove SGL terminator indicator when chaining 2017-09-27 11:00:14 +02:00
ansi_cprng.c crypto: ansi_cprng - Convert to new rng interface 2015-04-22 09:30:18 +08:00
anubis.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
api.c crypto: api - Only abort operations on fatal signal 2015-10-20 21:59:25 +08:00
arc4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
authenc.c crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag 2015-08-17 16:53:53 +08:00
authencesn.c crypto: authencesn - Fix digest_null crash 2017-08-06 19:19:39 -07:00
blkcipher.c crypto: skcipher - Fix blkcipher walk OOM crash 2016-09-30 10:18:34 +02:00
blowfish_common.c
blowfish_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
camellia_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast5_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast6_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast_common.c
cbc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
ccm.c crypto: replace scatterwalk_sg_chain with sg_chain 2015-08-17 08:12:54 -06:00
chacha20_generic.c crypto: chacha20 - Export common ChaCha20 helpers 2015-07-17 21:20:21 +08:00
chacha20poly1305.c crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag 2015-08-17 16:53:53 +08:00
chainiv.c crypto: chainiv - Offer normal cipher functionality without RNG 2015-06-22 15:49:28 +08:00
cipher.c
cmac.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
compress.c
crc32.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
crc32c_generic.c crypto: crc32c - Fix crc32c soft dependency 2016-02-17 12:31:04 -08:00
crct10dif_common.c
crct10dif_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cryptd.c crypto: cryptd - Assign statesize properly 2017-03-26 12:13:17 +02:00
crypto_null.c crypto: null - Add default null skcipher 2015-05-22 11:25:55 +08:00
crypto_user.c crypto: user - re-add size check for CRYPTO_MSG_GETALG 2016-07-11 09:31:12 -07:00
crypto_wq.c
ctr.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
cts.c crypto: cts - Weed out non-CBC algorithms 2015-01-20 14:44:15 +11:00
deflate.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
des_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
drbg.c crypto: drbg - report backend_cra_name when allocation fails 2015-06-11 21:55:28 +08:00
ecb.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
echainiv.c crypto: echainiv - Replace chaining with multiplication 2016-09-30 10:18:34 +02:00
eseqiv.c crypto: eseqiv - Offer normal cipher functionality without RNG 2015-06-22 15:49:28 +08:00
fcrypt.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
fips.c crypto: fips - Move fips_enabled sysctl into fips.c 2015-04-23 14:18:09 +08:00
gcm.c crypto: gcm - wait for crypto op not signal safe 2017-06-14 13:16:21 +02:00
gf128mul.c
ghash-generic.c crypto: ghash-generic - move common definitions to a new header file 2016-10-22 12:26:56 +02:00
hash_info.c
hmac.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
internal.h crypto: api - Remove linux/fips.h from internal.h 2015-04-23 14:18:10 +08:00
jitterentropy-kcapi.c crypto: jitterentropy - remove unnecessary information from a comment 2015-10-14 22:23:16 +08:00
jitterentropy.c crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree" 2015-06-25 23:18:33 +08:00
Kconfig Revert "crypto: xts - Add ECB dependency" 2017-11-21 09:21:22 +01:00
keywrap.c crypto: keywrap - memzero the correct memory 2016-04-12 09:08:45 -07:00
khazad.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
lrw.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
lz4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
lz4hc.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
lzo.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
Makefile crypto: improve gcc optimization flags for serpent and wp512 2017-03-18 19:09:56 +08:00
mcryptd.c crypto: mcryptd - Fix load failure 2017-03-26 12:13:17 +02:00
md4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
md5.c crypto: md5 - use md5 IV MD5_HX instead of their raw value 2015-05-18 12:20:18 +08:00
memneq.c
michael_mic.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
pcbc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
pcompress.c crypto: pcomp - Use crypto_alg_extsize helper 2015-04-21 10:19:55 +08:00
pcrypt.c crypto: aead - Remove CRYPTO_ALG_AEAD_NEW flag 2015-08-17 16:53:53 +08:00
poly1305_generic.c crypto: poly1305 - Export common Poly1305 helpers 2015-07-17 21:20:26 +08:00
proc.c crypto: fips - Move fips_enabled sysctl into fips.c 2015-04-23 14:18:09 +08:00
ripemd.h
rmd128.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd160.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd256.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd320.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rng.c crypto: rng - Do not free default RNG when it becomes unused 2015-06-22 15:49:18 +08:00
rsa.c crypto: akcipher - Changes to asymmetric key API 2015-10-14 22:23:16 +08:00
rsa_helper.c crypto: akcipher - Changes to asymmetric key API 2015-10-14 22:23:16 +08:00
rsaprivkey.asn1 crypto: akcipher - Changes to asymmetric key API 2015-10-14 22:23:16 +08:00
rsapubkey.asn1 crypto: akcipher - Changes to asymmetric key API 2015-10-14 22:23:16 +08:00
salsa20_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
scatterwalk.c crypto: scatterwalk - Fix test in scatterwalk_done 2016-08-16 09:30:50 +02:00
seed.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
seqiv.c crypto: seqiv - Use generic geniv init/exit helpers 2015-08-17 16:53:46 +08:00
serpent_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
sha1_generic.c crypto: sha1-generic - move to generic glue implementation 2015-04-10 21:39:40 +08:00
sha256_generic.c crypto: sha256-generic - move to generic glue implementation 2015-04-10 21:39:41 +08:00
sha512_generic.c crypto: sha512-generic - move to generic glue implementation 2015-04-10 21:39:41 +08:00
shash.c crypto: shash - Fix zero-length shash ahash digest crash 2017-10-18 09:20:41 +02:00
skcipher.c crypto: skcipher - Add crypto_skcipher_has_setkey 2016-02-17 12:31:03 -08:00
tcrypt.c crypto: tcrypt - avoid mapping from module image addresses 2015-09-21 22:00:36 +08:00
tcrypt.h crypto: tcrypt - Add ChaCha20/Poly1305 speed tests 2015-07-17 21:20:20 +08:00
tea.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
testmgr.c crypto: testmgr - fix out of bound read in __test_aead() 2017-05-02 21:19:48 -07:00
testmgr.h crypto: testmgr - Pad aes_ccm_enc_tv_template vector 2017-03-12 06:37:28 +01:00
tgr192.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
twofish_common.c
twofish_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
vmac.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
wp512.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
xcbc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
xor.c
xts.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
zlib.c crypto: pcomp - Constify (de)compression parameters 2015-05-01 11:16:37 +08:00