[PATCH 4.3 0/2] 4.3.2-stable review

[PATCH 4.3 0/2] 4.3.2-stable review

[Greg Kroah-Hartman]

This is the start of the stable review cycle for the 4.3.2 release.
There are 2 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Fri Dec 11 18:02:18 UTC 2015.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.3.2-rc1.gz
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 4.3.2-rc1

David Howells <dhowells@redhat.com>
    X.509: Fix the time validation [ver #2]

sudip <sudipm.mukherjee@gmail.com>
    crypto: asymmetric_keys - remove always false comparison


-------------

Diffstat:

 Makefile                                  |  4 ++--
 crypto/asymmetric_keys/x509_cert_parser.c | 18 ++++++++++--------
 2 files changed, 12 insertions(+), 10 deletions(-)

[PATCH 4.3 1/2] crypto: asymmetric_keys - remove always false comparison

[Greg Kroah-Hartman]

4.3-stable review patch.  If anyone has any objections, please let me know.

------------------

From: sudip <sudipm.mukherjee@gmail.com>

commit 4dd17c9c8a30c8d8cd1c9d4b94f08aca4b038d3e upstream.

hour, min and sec are unsigned int and they can never be less than zero.

Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/asymmetric_keys/x509_cert_parser.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -546,9 +546,9 @@ int x509_decode_time(time64_t *_t,  size
 	if (year < 1970 ||
 	    mon < 1 || mon > 12 ||
 	    day < 1 || day > mon_len ||
-	    hour < 0 || hour > 23 ||
-	    min < 0 || min > 59 ||
-	    sec < 0 || sec > 59)
+	    hour > 23 ||
+	    min > 59 ||
+	    sec > 59)
 		goto invalid_time;
 	
 	*_t = mktime64(year, mon, day, hour, min, sec);

[PATCH 4.3 2/2] X.509: Fix the time validation [ver #2]

[Greg Kroah-Hartman]

4.3-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Howells <dhowells@redhat.com>

commit cc25b994acfbc901429da682d0f73c190e960206 upstream.

This fixes CVE-2015-5327.  It affects kernels from 4.3-rc1 onwards.

Fix the X.509 time validation to use month number-1 when looking up the
number of days in that month.  Also put the month number validation before
doing the lookup so as not to risk overrunning the array.

This can be tested by doing the following:

cat <<EOF | openssl x509 -outform DER | keyctl padd asymmetric "" @s
-----BEGIN CERTIFICATE-----
MIIDbjCCAlagAwIBAgIJAN/lUld+VR4hMA0GCSqGSIb3DQEBCwUAMCkxETAPBgNV
BAoMCGxvY2FsLWNhMRQwEgYDVQQDDAtzaWduaW5nIGtleTAeFw0xNTA5MDEyMTMw
MThaFw0xNjA4MzEyMTMwMThaMCkxETAPBgNVBAoMCGxvY2FsLWNhMRQwEgYDVQQD
DAtzaWduaW5nIGtleTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANrn
crcMfMeG67nagX4+m02Xk9rkmsMKI5XTUxbikROe7GSUVJ27sPVPZp4mgzoWlvhh
jfK8CC/qhEhwep8Pgg4EJZyWOjhZb7R97ckGvLIoUC6IO3FC2ZnR7WtmWDgo2Jcj
VlXwJdHhKU1VZwulh81O61N8IBKqz2r/kDhIWiicUCUkI/Do/RMRfKAoDBcSh86m
gOeIAGfq62vbiZhVsX5dOE8Oo2TK5weAvwUIOR7OuGBl5AqwFlPnXQolewiHzKry
THg9e44HfzG4Mi6wUvcJxVaQT1h5SrKD779Z5+8+wf1JLaooetcEUArvWyuxCU59
qxA4lsTjBwl4cmEki+cCAwEAAaOBmDCBlTAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
AwIHgDAdBgNVHQ4EFgQUyND/eKUis7ep/hXMJ8iZMdUhI+IwWQYDVR0jBFIwUIAU
yND/eKUis7ep/hXMJ8iZMdUhI+KhLaQrMCkxETAPBgNVBAoMCGxvY2FsLWNhMRQw
EgYDVQQDDAtzaWduaW5nIGtleYIJAN/lUld+VR4hMA0GCSqGSIb3DQEBCwUAA4IB
AQAMqm1N1yD5pimUELLhT5eO2lRdGUfTozljRxc7e2QT3RLk2TtGhg65JFFN6eml
XS58AEPVcAsSLDlR6WpOpOLB2giM0+fV/eYFHHmh22yqTJl4YgkdUwyzPdCHNOZL
hmSKeY9xliHb6PNrNWWtZwhYYvRaO2DX4GXOMR0Oa2O4vaYu6/qGlZOZv3U6qZLY
wwHEJSrqeBDyMuwN+eANHpoSpiBzD77S4e+7hUDJnql4j6xzJ65+nWJ89fCrQypR
4sN5R3aGeIh3QAQUIKpHilwek0CtEaYERgc5m+jGyKSc1rezJW62hWRTaitOc+d5
G5hh+9YpnYcxQHEKnZ7rFNKJ
-----END CERTIFICATE-----
EOF

If it works, it emit a key ID; if it fails, it should give a bad message
error.

Reported-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/asymmetric_keys/x509_cert_parser.c |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -531,7 +531,11 @@ int x509_decode_time(time64_t *_t,  size
 	if (*p != 'Z')
 		goto unsupported_time;
 
-	mon_len = month_lengths[mon];
+	if (year < 1970 ||
+	    mon < 1 || mon > 12)
+		goto invalid_time;
+
+	mon_len = month_lengths[mon - 1];
 	if (mon == 2) {
 		if (year % 4 == 0) {
 			mon_len = 29;
@@ -543,14 +547,12 @@ int x509_decode_time(time64_t *_t,  size
 		}
 	}
 
-	if (year < 1970 ||
-	    mon < 1 || mon > 12 ||
-	    day < 1 || day > mon_len ||
+	if (day < 1 || day > mon_len ||
 	    hour > 23 ||
 	    min > 59 ||
 	    sec > 59)
 		goto invalid_time;
-	
+
 	*_t = mktime64(year, mon, day, hour, min, sec);
 	return 0;
 

Re: [PATCH 4.3 0/2] 4.3.2-stable review

[Alexander Holler]

Am 10.12.2015 um 19:03 schrieb Greg Kroah-Hartman:
> This is the start of the stable review cycle for the 4.3.2 release.
> There are 2 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri Dec 11 18:02:18 UTC 2015.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> 	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.3.2-rc1.gz
> and the diffstat can be found below.

Tested successfully by running a kernel with those two patches. Thanks a 
lot for the quick reaction.

Regards,

Alexander Holler

Re: [PATCH 4.3 0/2] 4.3.2-stable review

[Greg Kroah-Hartman]

On Thu, Dec 10, 2015 at 07:38:47PM +0100, Alexander Holler wrote:
> Am 10.12.2015 um 19:03 schrieb Greg Kroah-Hartman:
> >This is the start of the stable review cycle for the 4.3.2 release.
> >There are 2 patches in this series, all will be posted as a response
> >to this one.  If anyone has any issues with these being applied, please
> >let me know.
> >
> >Responses should be made by Fri Dec 11 18:02:18 UTC 2015.
> >Anything received after that time might be too late.
> >
> >The whole patch series can be found in one patch at:
> >	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.3.2-rc1.gz
> >and the diffstat can be found below.
> 
> Tested successfully by running a kernel with those two patches. Thanks a lot
> for the quick reaction.

Great, thanks for testing and leting me know.

greg k-h

Re: [PATCH 4.3 0/2] 4.3.2-stable review

[Shuah Khan]

On 12/10/2015 11:03 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.3.2 release.
> There are 2 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri Dec 11 18:02:18 UTC 2015.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.3.2-rc1.gz
> and the diffstat can be found below.
> 
> thanks,
> 

Compiled and booted on my test system. No dmesg regressions,

thanks,
-- Shuah


-- 
Shuah Khan
Sr. Linux Kernel Developer
Open Source Innovation Group
Samsung Research America (Silicon Valley)
shuahkh@osg.samsung.com | (970) 217-8978

Re: [PATCH 4.3 0/2] 4.3.2-stable review

[Greg Kroah-Hartman]

On Thu, Dec 10, 2015 at 01:58:43PM -0700, Shuah Khan wrote:
> On 12/10/2015 11:03 AM, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 4.3.2 release.
> > There are 2 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Fri Dec 11 18:02:18 UTC 2015.
> > Anything received after that time might be too late.
> > 
> > The whole patch series can be found in one patch at:
> > 	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.3.2-rc1.gz
> > and the diffstat can be found below.
> > 
> > thanks,
> > 
> 
> Compiled and booted on my test system. No dmesg regressions,

Great, thanks for testing.

greg k-h

Re: [PATCH 4.3 0/2] 4.3.2-stable review

[Guenter Roeck]

On Thu, Dec 10, 2015 at 01:03:46PM -0500, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.3.2 release.
> There are 2 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Fri Dec 11 18:02:18 UTC 2015.
> Anything received after that time might be too late.
> 
Build results:
	total: 145 pass: 145 fail: 0
Qemu test results:
	total: 95 pass: 95 fail: 0

Details are available at http://server.roeck-us.net:8010/builders.

Guenter

Re: [PATCH 4.3 0/2] 4.3.2-stable review

[Greg Kroah-Hartman]

On Thu, Dec 10, 2015 at 01:48:28PM -0800, Guenter Roeck wrote:
> On Thu, Dec 10, 2015 at 01:03:46PM -0500, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 4.3.2 release.
> > There are 2 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> > 
> > Responses should be made by Fri Dec 11 18:02:18 UTC 2015.
> > Anything received after that time might be too late.
> > 
> Build results:
> 	total: 145 pass: 145 fail: 0
> Qemu test results:
> 	total: 95 pass: 95 fail: 0
> 
> Details are available at http://server.roeck-us.net:8010/builders.

Thanks for testing and letting me know.

I think I'll release this one sooner than expected due to the bug it
fixes...

thanks,

greg k-h