author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2015-02-11 13:33:34 +0100 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2015-05-21 19:58:59 +0200 |
commit | f2b3dee484f9cee967a54ef05a66866282337519 (patch) | |
tree | 98af0f7b105fe0971aec9583180c4047ba621c90 /crypto/asymmetric_keys/x509_public_key.c | |
parent | evm: fix potential race when removing xattrs (diff) | |
KEYS: fix "ca_keys=" partial key matching
The call to asymmetric_key_hex_to_key_id() from ca_keys_setup()
silently fails with -ENOMEM. Instead of dynamically allocating
memory from a __setup function, this patch defines a variable
and calls __asymmetric_key_hex_to_key_id(), a new helper function,
directly.
This bug was introduced by 'commit 46963b774d44 ("KEYS: Overhaul
key identification when searching for asymmetric keys")'.
Changelog:
- for clarification, rename hexlen to asciihexlen in
asymmetric_key_hex_to_key_id()
- add size argument to __asymmetric_key_hex_to_key_id() - David Howells
- inline __asymmetric_key_hex_to_key_id() - David Howells
- remove duplicate strlen() calls
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org # 3.18
Diffstat (limited to 'crypto/asymmetric_keys/x509_public_key.c')
-rw-r--r-- | crypto/asymmetric_keys/x509_public_key.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index a6c42031628e..24f17e6c5904 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -28,17 +28,30 @@ static bool use_builtin_keys;
 static struct asymmetric_key_id *ca_keyid;
 
 #ifndef MODULE
+static struct {
+ struct asymmetric_key_id id;
+ unsigned char data[10];
+} cakey;
+
 static int __init ca_keys_setup(char *str)
 {
 if (!str) /* default system keyring */
 return 1;
 
 if (strncmp(str, "id:", 3) == 0) {
- struct asymmetric_key_id *p;
- p = asymmetric_key_hex_to_key_id(str + 3);
- if (p == ERR_PTR(-EINVAL))
- pr_err("Unparsable hex string in ca_keys\n");
- else if (!IS_ERR(p))
+ struct asymmetric_key_id *p = &cakey.id;
+ size_t hexlen = (strlen(str) - 3) / 2;
+ int ret;
+
+ if (hexlen == 0 || hexlen > sizeof(cakey.data)) {
+ pr_err("Missing or invalid ca_keys id\n");
+ return 1;
+ }
+
+ ret = __asymmetric_key_hex_to_key_id(str + 3, p, hexlen);
+ if (ret < 0)
+ pr_err("Unparsable ca_keys id hex string\n");
+ else
 ca_keyid = p; /* owner key 'id:xxxxxx' */
 } else if (strcmp(str, "builtin") == 0) {
 use_builtin_keys = true; |
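Review bot: An odd number of hex digits after `id:` passes the new length check in ca_keys_setup(), because `hexlen = (strlen(str) - 3) / 2` rounds down and the trailing digit is never examined here; unless `__asymmetric_key_hex_to_key_id()` (defined outside this file section) rejects it, `ca_keys=id:abc` would be stored as the one-byte id `ab`, a shorter partial id than the administrator typed and so presumably one that matches more CA keys. Rejecting it in the same guard keeps the restriction as strict as written: `if (hexlen == 0 || (strlen(str + 3) & 1) || hexlen > sizeof(cakey.data)) {`. Both error paths only log and leave `ca_keyid` unset, so if an unset `ca_keyid` means "no id restriction" in the trust check (not visible in this hunk), a mistyped or over-long id fails open rather than closed; a comment above `cakey` such as `/* ca_keys=id: holds at most 10 bytes (20 hex digits); longer ids are rejected and no id restriction is installed */` would make that limit and its consequence visible. The body of ca_keys_setup() continues past the end of the hunk.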