Skip to main content

Browse the archive

https://github.com/torvalds/linux
23 October 2021, 00:29:24 UTC
Revision 72f9a07b6bfaefdc29fcb75dafa8867a4f6d8317 authored by Eric Biggers on 08 December 2017, 15:13:29 UTC, committed by David Howells on 08 December 2017, 15:13:29 UTC 
KEYS: be careful with error codes in public_key_verify_signature()
 
In public_key_verify_signature(), if akcipher_request_alloc() fails, we
return -ENOMEM.  But that error code was set 25 lines above, and by
accident someone could easily insert new code in between that assigns to
'ret', which would introduce a signature verification bypass.  Make the
code clearer by moving the -ENOMEM down to where it is used.

Additionally, the callers of public_key_verify_signature() only consider
a negative return value to be an error.  This means that if any positive
return value is accidentally introduced deeper in the call stack (e.g.
'return EBADMSG' instead of 'return -EBADMSG' somewhere in RSA),
signature verification will be bypassed.  Make things more robust by
having public_key_verify_signature() warn about positive errors and
translate them into -EINVAL.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
1 parent a80745a
History
Tip revision: 72f9a07b6bfaefdc29fcb75dafa8867a4f6d8317 authored by Eric Biggers on 08 December 2017, 15:13:29 UTC
KEYS: be careful with error codes in public_key_verify_signature()
Tip revision: 72f9a07
File Mode Size
Documentation
arch
block
certs
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.cocciconfig -rw-r--r-- 59 bytes
.get_maintainer.ignore -rw-r--r-- 31 bytes
.gitattributes -rw-r--r-- 30 bytes
.gitignore -rw-r--r-- 1.4 KB
.mailmap -rw-r--r-- 8.8 KB
COPYING -rw-r--r-- 18.3 KB
CREDITS -rw-r--r-- 96.2 KB
Kbuild -rw-r--r-- 2.2 KB
Kconfig -rw-r--r-- 287 bytes
MAINTAINERS -rw-r--r-- 426.0 KB
Makefile -rw-r--r-- 58.3 KB
README -rw-r--r-- 722 bytes

README

back to top