https://github.com/torvalds/linux
Revision 72f9a07b6bfaefdc29fcb75dafa8867a4f6d8317 authored by Eric Biggers on 08 December 2017, 15:13:29 UTC, committed by David Howells on 08 December 2017, 15:13:29 UTC
In public_key_verify_signature(), if akcipher_request_alloc() fails, we return -ENOMEM. But that error code was set 25 lines above, and by accident someone could easily insert new code in between that assigns to 'ret', which would introduce a signature verification bypass. Make the code clearer by moving the -ENOMEM down to where it is used. Additionally, the callers of public_key_verify_signature() only consider a negative return value to be an error. This means that if any positive return value is accidentally introduced deeper in the call stack (e.g. 'return EBADMSG' instead of 'return -EBADMSG' somewhere in RSA), signature verification will be bypassed. Make things more robust by having public_key_verify_signature() warn about positive errors and translate them into -EINVAL. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com>
1 parent a80745a
Tip revision: 72f9a07b6bfaefdc29fcb75dafa8867a4f6d8317 authored by Eric Biggers on 08 December 2017, 15:13:29 UTC
KEYS: be careful with error codes in public_key_verify_signature()
KEYS: be careful with error codes in public_key_verify_signature()
Tip revision: 72f9a07
File | Mode | Size |
---|---|---|
Documentation | ||
arch | ||
block | ||
certs | ||
crypto | ||
drivers | ||
firmware | ||
fs | ||
include | ||
init | ||
ipc | ||
kernel | ||
lib | ||
mm | ||
net | ||
samples | ||
scripts | ||
security | ||
sound | ||
tools | ||
usr | ||
virt | ||
.cocciconfig | -rw-r--r-- | 59 bytes |
.get_maintainer.ignore | -rw-r--r-- | 31 bytes |
.gitattributes | -rw-r--r-- | 30 bytes |
.gitignore | -rw-r--r-- | 1.4 KB |
.mailmap | -rw-r--r-- | 8.8 KB |
COPYING | -rw-r--r-- | 18.3 KB |
CREDITS | -rw-r--r-- | 96.2 KB |
Kbuild | -rw-r--r-- | 2.2 KB |
Kconfig | -rw-r--r-- | 287 bytes |
MAINTAINERS | -rw-r--r-- | 426.0 KB |
Makefile | -rw-r--r-- | 58.3 KB |
README | -rw-r--r-- | 722 bytes |
Computing file changes ...