From 94c13f66e13ca0f3d5b7b9e7e385fe5db35abe3c Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Mon, 17 Dec 2018 11:39:57 -0800 Subject: security: don't use a negative Opt_err token index The code uses a bitmap to check for duplicate tokens during parsing, and that doesn't work at all for the negative Opt_err token case. There is absolutely no reason to make Opt_err be negative, and in fact it only confuses things, since some of the affected functions actually return a positive Opt_xyz enum _or_ a regular negative error code (eg -EINVAL), and using -1 for Opt_err makes no sense. There are similar problems in ima_policy.c and key encryption, but they don't have the immediate bug wrt bitmap handing, and ima_policy.c in particular needs a different patch to make the enum values match the token array index. Mimi is sending that separately. Reported-by: syzbot+a22e0dc07567662c50bc@syzkaller.appspotmail.com Reported-by: Eric Biggers Fixes: 5208cc83423d ("keys, trusted: fix: *do not* allow duplicate key options") Fixes: 00d60fd3b932 ("KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2]") Cc: James Morris James Morris Cc: Mimi Zohar Cc: Jarkko Sakkinen Cc: Peter Huewe Signed-off-by: Linus Torvalds --- security/keys/keyctl_pkey.c | 2 +- security/keys/trusted.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'security') diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c index 783978842f13..70e65a2ff207 100644 --- a/security/keys/keyctl_pkey.c +++ b/security/keys/keyctl_pkey.c @@ -25,7 +25,7 @@ static void keyctl_pkey_params_free(struct kernel_pkey_params *params) } enum { - Opt_err = -1, + Opt_err, Opt_enc, /* "enc=" eg. "enc=oaep" */ Opt_hash, /* "hash=" eg. "hash=sha1" */ }; diff --git a/security/keys/trusted.c b/security/keys/trusted.c index ff6789365a12..697bfc6c8192 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -711,7 +711,7 @@ static int key_unseal(struct trusted_key_payload *p, } enum { - Opt_err = -1, + Opt_err, Opt_new, Opt_load, Opt_update, Opt_keyhandle, Opt_keyauth, Opt_blobauth, Opt_pcrinfo, Opt_pcrlock, Opt_migratable, -- cgit v1.2.3 From 1a9430db2835c0c00acc87d915b573496998c1bf Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Mon, 17 Dec 2018 19:14:49 -0500 Subject: ima: cleanup the match_token policy code Start the policy_tokens and the associated enumeration from zero, simplifying the pt macro. Signed-off-by: Mimi Zohar Signed-off-by: Linus Torvalds --- security/integrity/ima/ima_policy.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 8c9499867c91..7489cb7de6dc 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -580,9 +580,9 @@ void ima_update_policy(void) ima_update_policy_flag(); } +/* Keep the enumeration in sync with the policy_tokens! */ enum { - Opt_err = -1, - Opt_measure = 1, Opt_dont_measure, + Opt_measure, Opt_dont_measure, Opt_appraise, Opt_dont_appraise, Opt_audit, Opt_hash, Opt_dont_hash, Opt_obj_user, Opt_obj_role, Opt_obj_type, @@ -592,10 +592,10 @@ enum { Opt_uid_gt, Opt_euid_gt, Opt_fowner_gt, Opt_uid_lt, Opt_euid_lt, Opt_fowner_lt, Opt_appraise_type, Opt_permit_directio, - Opt_pcr + Opt_pcr, Opt_err }; -static match_table_t policy_tokens = { +static const match_table_t policy_tokens = { {Opt_measure, "measure"}, {Opt_dont_measure, "dont_measure"}, {Opt_appraise, "appraise"}, @@ -1103,7 +1103,7 @@ void ima_policy_stop(struct seq_file *m, void *v) { } -#define pt(token) policy_tokens[token + Opt_err].pattern +#define pt(token) policy_tokens[token].pattern #define mt(token) mask_tokens[token] /* -- cgit v1.2.3