[PATCH 1/3] lib: add error checking to hex2bin

[PATCH 1/3] lib: add error checking to hex2bin

[Mimi Zohar]

hex2bin converts a hexadecimal string to its binary representation.
The original version of hex2bin did not do any error checking.  This
patch adds error checking and returns the result.

Changelog:
- add __must_check compiler option (Andy Shevchenko's suggestion)
- change function API to return error checking result

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 include/linux/kernel.h |    2 +-
 lib/hexdump.c          |   15 +++++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 46ac9a5..8eefcf7 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -382,7 +382,7 @@ static inline char *pack_hex_byte(char *buf, u8 byte)
 }
 
 extern int hex_to_bin(char ch);
-extern void hex2bin(u8 *dst, const char *src, size_t count);
+extern int __must_check hex2bin(u8 *dst, const char *src, size_t count);
 
 /*
  * General tracing related utility functions - trace_printk(),
diff --git a/lib/hexdump.c b/lib/hexdump.c
index f5fe6ba..51d5ae2 100644
--- a/lib/hexdump.c
+++ b/lib/hexdump.c
@@ -38,14 +38,21 @@ EXPORT_SYMBOL(hex_to_bin);
  * @dst: binary result
  * @src: ascii hexadecimal string
  * @count: result length
+ *
+ * Return 0 on success, -1 in case of bad input.
  */
-void hex2bin(u8 *dst, const char *src, size_t count)
+int hex2bin(u8 *dst, const char *src, size_t count)
 {
 	while (count--) {
-		*dst = hex_to_bin(*src++) << 4;
-		*dst += hex_to_bin(*src++);
-		dst++;
+		int hi = hex_to_bin(*src++);
+		int lo = hex_to_bin(*src++);
+
+		if ((hi < 0) || (lo < 0))
+			return -1;
+
+		*dst++ = (hi << 4) | lo;
 	}
+	return 0;
 }
 EXPORT_SYMBOL(hex2bin);
 
-- 
1.7.3.4

[PATCH 2/3] trusted-keys: check hex2bin result

[Mimi Zohar]

From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

For each hex2bin call in trusted keys, check that the ascii hex string is
valid.  On failure, return -EINVAL.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 security/keys/trusted.c |   15 +++++++++++----
 1 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 0c33e2e..9b847e1 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -779,7 +779,9 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
 			opt->pcrinfo_len = strlen(args[0].from) / 2;
 			if (opt->pcrinfo_len > MAX_PCRINFO_SIZE)
 				return -EINVAL;
-			hex2bin(opt->pcrinfo, args[0].from, opt->pcrinfo_len);
+			if (!hex2bin(opt->pcrinfo, args[0].from,
+				     opt->pcrinfo_len))
+				return -EINVAL;
 			break;
 		case Opt_keyhandle:
 			res = strict_strtoul(args[0].from, 16, &handle);
@@ -791,12 +793,16 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
 		case Opt_keyauth:
 			if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
 				return -EINVAL;
-			hex2bin(opt->keyauth, args[0].from, SHA1_DIGEST_SIZE);
+			if (!hex2bin(opt->keyauth, args[0].from,
+				     SHA1_DIGEST_SIZE))
+				return -EINVAL;
 			break;
 		case Opt_blobauth:
 			if (strlen(args[0].from) != 2 * SHA1_DIGEST_SIZE)
 				return -EINVAL;
-			hex2bin(opt->blobauth, args[0].from, SHA1_DIGEST_SIZE);
+			if (!hex2bin(opt->blobauth, args[0].from,
+				     SHA1_DIGEST_SIZE))
+				return -EINVAL;
 			break;
 		case Opt_migratable:
 			if (*args[0].from == '0')
@@ -860,7 +866,8 @@ static int datablob_parse(char *datablob, struct trusted_key_payload *p,
 		p->blob_len = strlen(c) / 2;
 		if (p->blob_len > MAX_BLOB_SIZE)
 			return -EINVAL;
-		hex2bin(p->blob, c, p->blob_len);
+		if (!hex2bin(p->blob, c, p->blob_len))
+			return -EINVAL;
 		ret = getoptions(datablob, p, o);
 		if (ret < 0)
 			return ret;
-- 
1.7.3.4

[PATCH 3/3] encrypted-keys: check hex2bin result

[Mimi Zohar]

From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

For each hex2bin call in encrypted keys, check that the ascii hex string
is valid.  On failure, return -EINVAL.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
 security/keys/encrypted-keys/encrypted.c |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 3f57795..cd654d9 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -667,11 +667,16 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
 		return -EINVAL;
 
 	hex_encoded_data = hex_encoded_iv + (2 * ivsize) + 2;
-	hex2bin(epayload->iv, hex_encoded_iv, ivsize);
-	hex2bin(epayload->encrypted_data, hex_encoded_data, encrypted_datalen);
+	if (!hex2bin(epayload->iv, hex_encoded_iv, ivsize))
+		return -EINVAL;
+	if (!hex2bin(epayload->encrypted_data, hex_encoded_data,
+		     encrypted_datalen))
+		return -EINVAL;
 
 	hmac = epayload->format + epayload->datablob_len;
-	hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2), HASH_SIZE);
+	if (!hex2bin(hmac, hex_encoded_data + (encrypted_datalen * 2),
+		     HASH_SIZE))
+		return -EINVAL;
 
 	mkey = request_master_key(epayload, &master_key, &master_keylen);
 	if (IS_ERR(mkey))
-- 
1.7.3.4

Re: [PATCH 2/3] trusted-keys: check hex2bin result

[Andy Shevchenko]

On Tue, Sep 20, 2011 at 4:15 PM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
>
> For each hex2bin call in trusted keys, check that the ascii hex string is
> valid.  On failure, return -EINVAL.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
> ---
>  security/keys/trusted.c |   15 +++++++++++----
>  1 files changed, 11 insertions(+), 4 deletions(-)
>
> diff --git a/security/keys/trusted.c b/security/keys/trusted.c
> index 0c33e2e..9b847e1 100644
> --- a/security/keys/trusted.c
> +++ b/security/keys/trusted.c
> @@ -779,7 +779,9 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
>                        opt->pcrinfo_len = strlen(args[0].from) / 2;
>                        if (opt->pcrinfo_len > MAX_PCRINFO_SIZE)
>                                return -EINVAL;
> -                       hex2bin(opt->pcrinfo, args[0].from, opt->pcrinfo_len);
> +                       if (!hex2bin(opt->pcrinfo, args[0].from,
> +                                    opt->pcrinfo_len))
> +                               return -EINVAL;
if (hex2bin(...) < 0)

Everywhere in Patch 2 and 3.

-- 
With Best Regards,
Andy Shevchenko

Re: [PATCH 2/3] trusted-keys: check hex2bin result

[Mimi Zohar]

On Tue, 2011-09-20 at 16:57 +0300, Andy Shevchenko wrote:
> On Tue, Sep 20, 2011 at 4:15 PM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> > From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> >
> > For each hex2bin call in trusted keys, check that the ascii hex string is
> > valid.  On failure, return -EINVAL.
> >
> > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> > Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
> > ---
> >  security/keys/trusted.c |   15 +++++++++++----
> >  1 files changed, 11 insertions(+), 4 deletions(-)
> >
> > diff --git a/security/keys/trusted.c b/security/keys/trusted.c
> > index 0c33e2e..9b847e1 100644
> > --- a/security/keys/trusted.c
> > +++ b/security/keys/trusted.c
> > @@ -779,7 +779,9 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> >                        opt->pcrinfo_len = strlen(args[0].from) / 2;
> >                        if (opt->pcrinfo_len > MAX_PCRINFO_SIZE)
> >                                return -EINVAL;
> > -                       hex2bin(opt->pcrinfo, args[0].from, opt->pcrinfo_len);
> > +                       if (!hex2bin(opt->pcrinfo, args[0].from,
> > +                                    opt->pcrinfo_len))
> > +                               return -EINVAL;
> if (hex2bin(...) < 0)
> 
> Everywhere in Patch 2 and 3.

thanks,

Mimi