From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934133AbbLRACd (ORCPT ); Thu, 17 Dec 2015 19:02:33 -0500 Received: from mx1.redhat.com ([209.132.183.28]:49718 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933395AbbLRAC1 (ORCPT ); Thu, 17 Dec 2015 19:02:27 -0500 Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 Subject: [PATCH 5/5] X.509: Handle midnight alternative notation in GeneralizedTime From: David Howells To: keyrings@vger.kernel.org Cc: David Woodhouse , Arnd Bergmann , linux-kernel@vger.kernel.org, stable@vger.kernel.org, dhowells@redhat.com, linux-security-module@vger.kernel.org, Rudolf Polzer , John Stultz Date: Fri, 18 Dec 2015 00:02:24 +0000 Message-ID: <20151218000224.29483.61861.stgit@warthog.procyon.org.uk> In-Reply-To: <20151218000148.29483.67155.stgit@warthog.procyon.org.uk> References: <20151218000148.29483.67155.stgit@warthog.procyon.org.uk> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The ASN.1 GeneralizedTime object carries an ISO8601 format date and time. The time is permitted to show midnight as 00:00 or 24:00 (the latter being equivalent of 00:00 of the following day). The permitted value is checked in x509_decode_time() but the actual handling is left to mktime64(). Without this patch, certain X.509 certificates will be rejected and could lead to an unbootable kernel. Reported-by: Rudolf Polzer Signed-off-by: David Howells cc: David Woodhouse cc: John Stultz cc: Arnd Bergmann cc: stable@vger.kernel.org --- crypto/asymmetric_keys/x509_cert_parser.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index 9be2caebc57b..b9de251c419c 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -497,7 +497,7 @@ int x509_decode_time(time64_t *_t, size_t hdrlen, static const unsigned char month_lengths[] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; const unsigned char *p = value; - unsigned year, mon, day, hour, min, sec, mon_len, max_sec; + unsigned year, mon, day, hour, min, sec, mon_len, max_sec, max_hour; #define dec2bin(X) ({ unsigned char x = (X) - '0'; if (x > 9) goto invalid_time; x; }) #define DD2bin(P) ({ unsigned x = dec2bin(P[0]) * 10 + dec2bin(P[1]); P += 2; x; }) @@ -512,6 +512,7 @@ int x509_decode_time(time64_t *_t, size_t hdrlen, else year += 2000; max_sec = 59; + max_hour = 23; } else if (tag == ASN1_GENTIM) { /* GenTime: YYYYMMDDHHMMSSZ */ if (vlen != 15) @@ -520,6 +521,7 @@ int x509_decode_time(time64_t *_t, size_t hdrlen, if (year >= 1950 && year <= 2049) goto invalid_time; max_sec = 60; /* ISO 8601 permits leap seconds [X.680 46.3] */ + max_hour = 24; } else { goto unsupported_time; } @@ -550,11 +552,17 @@ int x509_decode_time(time64_t *_t, size_t hdrlen, } if (day < 1 || day > mon_len || - hour > 23 || + hour > max_hour || min > 59 || sec > max_sec) goto invalid_time; + /* GeneralizedTime, encoded as ISO 8601, also permits 24:00 today as an + * alternative for 00:00 tomorrow. + */ + if (hour == 24 && (min != 0 || sec != 0)) + goto invalid_time; + *_t = mktime64(year, mon, day, hour, min, sec); return 0;