* [PATCH v2] fscrypt: fix dereference of NULL user_key_payload
@ 2017-10-09 19:46 ` Eric Biggers
0 siblings, 0 replies; 12+ messages in thread
From: Eric Biggers @ 2017-10-09 19:46 UTC (permalink / raw)
To: linux-fscrypt, Theodore Y . Ts'o
Cc: keyrings, Jaegeuk Kim, linux-security-module, Eric Biggers, stable
From: Eric Biggers <ebiggers@google.com>
When an fscrypt-encrypted file is opened, we request the file's master
key from the keyrings service as a logon key, then access its payload.
However, a revoked key has a NULL payload, and we failed to check for
this. request_key() *does* skip revoked keys, but there is still a
window where the key can be revoked before we acquire its semaphore.
Fix it by checking for a NULL payload, treating it like a key which was
already revoked at the time it was requested.
Fixes: 88bd6ccdcdd6 ("ext4 crypto: add encryption key management facilities")
Reviewed-by: James Morris <james.l.morris@oracle.com>
Cc: <stable@vger.kernel.org> [v4.1+]
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
Changed since v1: added Reviewed-by and resent as standalone patch.
Can this please be taken through the fscrypt tree?
fs/crypto/keyinfo.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c
index 018c588c7ac3..8e704d12a1cf 100644
--- a/fs/crypto/keyinfo.c
+++ b/fs/crypto/keyinfo.c
@@ -109,6 +109,11 @@ static int validate_user_key(struct fscrypt_info *crypt_info,
goto out;
}
ukp = user_key_payload_locked(keyring_key);
+ if (!ukp) {
+ /* key was revoked before we acquired its semaphore */
+ res = -EKEYREVOKED;
+ goto out;
+ }
if (ukp->datalen != sizeof(struct fscrypt_key)) {
res = -EINVAL;
goto out;
--
2.14.2.920.gcf0c67979c-goog
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH v2] fscrypt: fix dereference of NULL user_key_payload
@ 2017-10-09 19:46 ` Eric Biggers
0 siblings, 0 replies; 12+ messages in thread
From: Eric Biggers @ 2017-10-09 19:46 UTC (permalink / raw)
To: linux-fscrypt, Theodore Y . Ts'o
Cc: keyrings, Jaegeuk Kim, linux-security-module, Eric Biggers, stable
From: Eric Biggers <ebiggers@google.com>
When an fscrypt-encrypted file is opened, we request the file's master
key from the keyrings service as a logon key, then access its payload.
However, a revoked key has a NULL payload, and we failed to check for
this. request_key() *does* skip revoked keys, but there is still a
window where the key can be revoked before we acquire its semaphore.
Fix it by checking for a NULL payload, treating it like a key which was
already revoked at the time it was requested.
Fixes: 88bd6ccdcdd6 ("ext4 crypto: add encryption key management facilities")
Reviewed-by: James Morris <james.l.morris@oracle.com>
Cc: <stable@vger.kernel.org> [v4.1+]
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
Changed since v1: added Reviewed-by and resent as standalone patch.
Can this please be taken through the fscrypt tree?
fs/crypto/keyinfo.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c
index 018c588c7ac3..8e704d12a1cf 100644
--- a/fs/crypto/keyinfo.c
+++ b/fs/crypto/keyinfo.c
@@ -109,6 +109,11 @@ static int validate_user_key(struct fscrypt_info *crypt_info,
goto out;
}
ukp = user_key_payload_locked(keyring_key);
+ if (!ukp) {
+ /* key was revoked before we acquired its semaphore */
+ res = -EKEYREVOKED;
+ goto out;
+ }
if (ukp->datalen != sizeof(struct fscrypt_key)) {
res = -EINVAL;
goto out;
--
2.14.2.920.gcf0c67979c-goog
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH v2] fscrypt: fix dereference of NULL user_key_payload
@ 2017-10-09 19:46 ` Eric Biggers
0 siblings, 0 replies; 12+ messages in thread
From: Eric Biggers @ 2017-10-09 19:46 UTC (permalink / raw)
To: linux-security-module
From: Eric Biggers <ebiggers@google.com>
When an fscrypt-encrypted file is opened, we request the file's master
key from the keyrings service as a logon key, then access its payload.
However, a revoked key has a NULL payload, and we failed to check for
this. request_key() *does* skip revoked keys, but there is still a
window where the key can be revoked before we acquire its semaphore.
Fix it by checking for a NULL payload, treating it like a key which was
already revoked at the time it was requested.
Fixes: 88bd6ccdcdd6 ("ext4 crypto: add encryption key management facilities")
Reviewed-by: James Morris <james.l.morris@oracle.com>
Cc: <stable@vger.kernel.org> [v4.1+]
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
Changed since v1: added Reviewed-by and resent as standalone patch.
Can this please be taken through the fscrypt tree?
fs/crypto/keyinfo.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c
index 018c588c7ac3..8e704d12a1cf 100644
--- a/fs/crypto/keyinfo.c
+++ b/fs/crypto/keyinfo.c
@@ -109,6 +109,11 @@ static int validate_user_key(struct fscrypt_info *crypt_info,
goto out;
}
ukp = user_key_payload_locked(keyring_key);
+ if (!ukp) {
+ /* key was revoked before we acquired its semaphore */
+ res = -EKEYREVOKED;
+ goto out;
+ }
if (ukp->datalen != sizeof(struct fscrypt_key)) {
res = -EINVAL;
goto out;
--
2.14.2.920.gcf0c67979c-goog
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH v2] fscrypt: fix dereference of NULL user_key_payload
2017-10-09 19:46 ` Eric Biggers
(?)
@ 2017-10-29 10:23 ` Theodore Ts'o
-1 siblings, 0 replies; 12+ messages in thread
From: Theodore Ts'o @ 2017-10-29 10:23 UTC (permalink / raw)
To: Eric Biggers
Cc: linux-fscrypt, keyrings, Jaegeuk Kim, linux-security-module,
Eric Biggers, stable
On Mon, Oct 09, 2017 at 12:46:18PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> When an fscrypt-encrypted file is opened, we request the file's master
> key from the keyrings service as a logon key, then access its payload.
> However, a revoked key has a NULL payload, and we failed to check for
> this. request_key() *does* skip revoked keys, but there is still a
> window where the key can be revoked before we acquire its semaphore.
>
> Fix it by checking for a NULL payload, treating it like a key which was
> already revoked at the time it was requested.
>
> Fixes: 88bd6ccdcdd6 ("ext4 crypto: add encryption key management facilities")
> Reviewed-by: James Morris <james.l.morris@oracle.com>
> Cc: <stable@vger.kernel.org> [v4.1+]
> Signed-off-by: Eric Biggers <ebiggers@google.com>
Applied, thanks.
- Ted
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v2] fscrypt: fix dereference of NULL user_key_payload
@ 2017-10-29 10:23 ` Theodore Ts'o
0 siblings, 0 replies; 12+ messages in thread
From: Theodore Ts'o @ 2017-10-29 10:23 UTC (permalink / raw)
To: Eric Biggers
Cc: linux-fscrypt, keyrings, Jaegeuk Kim, linux-security-module,
Eric Biggers, stable
On Mon, Oct 09, 2017 at 12:46:18PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> When an fscrypt-encrypted file is opened, we request the file's master
> key from the keyrings service as a logon key, then access its payload.
> However, a revoked key has a NULL payload, and we failed to check for
> this. request_key() *does* skip revoked keys, but there is still a
> window where the key can be revoked before we acquire its semaphore.
>
> Fix it by checking for a NULL payload, treating it like a key which was
> already revoked at the time it was requested.
>
> Fixes: 88bd6ccdcdd6 ("ext4 crypto: add encryption key management facilities")
> Reviewed-by: James Morris <james.l.morris@oracle.com>
> Cc: <stable@vger.kernel.org> [v4.1+]
> Signed-off-by: Eric Biggers <ebiggers@google.com>
Applied, thanks.
- Ted
^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH v2] fscrypt: fix dereference of NULL user_key_payload
@ 2017-10-29 10:23 ` Theodore Ts'o
0 siblings, 0 replies; 12+ messages in thread
From: Theodore Ts'o @ 2017-10-29 10:23 UTC (permalink / raw)
To: linux-security-module
On Mon, Oct 09, 2017 at 12:46:18PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> When an fscrypt-encrypted file is opened, we request the file's master
> key from the keyrings service as a logon key, then access its payload.
> However, a revoked key has a NULL payload, and we failed to check for
> this. request_key() *does* skip revoked keys, but there is still a
> window where the key can be revoked before we acquire its semaphore.
>
> Fix it by checking for a NULL payload, treating it like a key which was
> already revoked at the time it was requested.
>
> Fixes: 88bd6ccdcdd6 ("ext4 crypto: add encryption key management facilities")
> Reviewed-by: James Morris <james.l.morris@oracle.com>
> Cc: <stable@vger.kernel.org> [v4.1+]
> Signed-off-by: Eric Biggers <ebiggers@google.com>
Applied, thanks.
- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v2] fscrypt: fix dereference of NULL user_key_payload
2017-10-29 10:23 ` Theodore Ts'o
(?)
@ 2017-10-29 16:32 ` Eric Biggers
-1 siblings, 0 replies; 12+ messages in thread
From: Eric Biggers @ 2017-10-29 16:32 UTC (permalink / raw)
To: Theodore Ts'o
Cc: linux-fscrypt, keyrings, Jaegeuk Kim, linux-security-module,
Eric Biggers, stable
On Sun, Oct 29, 2017 at 06:23:05AM -0400, Theodore Ts'o wrote:
> On Mon, Oct 09, 2017 at 12:46:18PM -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > When an fscrypt-encrypted file is opened, we request the file's master
> > key from the keyrings service as a logon key, then access its payload.
> > However, a revoked key has a NULL payload, and we failed to check for
> > this. request_key() *does* skip revoked keys, but there is still a
> > window where the key can be revoked before we acquire its semaphore.
> >
> > Fix it by checking for a NULL payload, treating it like a key which was
> > already revoked at the time it was requested.
> >
> > Fixes: 88bd6ccdcdd6 ("ext4 crypto: add encryption key management facilities")
> > Reviewed-by: James Morris <james.l.morris@oracle.com>
> > Cc: <stable@vger.kernel.org> [v4.1+]
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
>
> Applied, thanks.
>
Hi Ted, you should drop this one, since it's already in mainline; David Howells
ended up taking the original series via the keyrings tree.
Thanks!
Eric
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v2] fscrypt: fix dereference of NULL user_key_payload
@ 2017-10-29 16:32 ` Eric Biggers
0 siblings, 0 replies; 12+ messages in thread
From: Eric Biggers @ 2017-10-29 16:32 UTC (permalink / raw)
To: Theodore Ts'o
Cc: linux-fscrypt, keyrings, Jaegeuk Kim, linux-security-module,
Eric Biggers, stable
On Sun, Oct 29, 2017 at 06:23:05AM -0400, Theodore Ts'o wrote:
> On Mon, Oct 09, 2017 at 12:46:18PM -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > When an fscrypt-encrypted file is opened, we request the file's master
> > key from the keyrings service as a logon key, then access its payload.
> > However, a revoked key has a NULL payload, and we failed to check for
> > this. request_key() *does* skip revoked keys, but there is still a
> > window where the key can be revoked before we acquire its semaphore.
> >
> > Fix it by checking for a NULL payload, treating it like a key which was
> > already revoked at the time it was requested.
> >
> > Fixes: 88bd6ccdcdd6 ("ext4 crypto: add encryption key management facilities")
> > Reviewed-by: James Morris <james.l.morris@oracle.com>
> > Cc: <stable@vger.kernel.org> [v4.1+]
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
>
> Applied, thanks.
>
Hi Ted, you should drop this one, since it's already in mainline; David Howells
ended up taking the original series via the keyrings tree.
Thanks!
Eric
^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH v2] fscrypt: fix dereference of NULL user_key_payload
@ 2017-10-29 16:32 ` Eric Biggers
0 siblings, 0 replies; 12+ messages in thread
From: Eric Biggers @ 2017-10-29 16:32 UTC (permalink / raw)
To: linux-security-module
On Sun, Oct 29, 2017 at 06:23:05AM -0400, Theodore Ts'o wrote:
> On Mon, Oct 09, 2017 at 12:46:18PM -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> >
> > When an fscrypt-encrypted file is opened, we request the file's master
> > key from the keyrings service as a logon key, then access its payload.
> > However, a revoked key has a NULL payload, and we failed to check for
> > this. request_key() *does* skip revoked keys, but there is still a
> > window where the key can be revoked before we acquire its semaphore.
> >
> > Fix it by checking for a NULL payload, treating it like a key which was
> > already revoked at the time it was requested.
> >
> > Fixes: 88bd6ccdcdd6 ("ext4 crypto: add encryption key management facilities")
> > Reviewed-by: James Morris <james.l.morris@oracle.com>
> > Cc: <stable@vger.kernel.org> [v4.1+]
> > Signed-off-by: Eric Biggers <ebiggers@google.com>
>
> Applied, thanks.
>
Hi Ted, you should drop this one, since it's already in mainline; David Howells
ended up taking the original series via the keyrings tree.
Thanks!
Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v2] fscrypt: fix dereference of NULL user_key_payload
2017-10-29 16:32 ` Eric Biggers
(?)
@ 2017-10-31 17:47 ` Theodore Ts'o
-1 siblings, 0 replies; 12+ messages in thread
From: Theodore Ts'o @ 2017-10-31 17:47 UTC (permalink / raw)
To: Eric Biggers
Cc: linux-fscrypt, keyrings, Jaegeuk Kim, linux-security-module,
Eric Biggers, stable
On Sun, Oct 29, 2017 at 09:32:46AM -0700, Eric Biggers wrote:
>
> Hi Ted, you should drop this one, since it's already in mainline; David Howells
> ended up taking the original series via the keyrings tree.
Ah, I see it landed in v4.14-rc6. I'll drop it from the fscrypt tree.
- Ted
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v2] fscrypt: fix dereference of NULL user_key_payload
@ 2017-10-31 17:47 ` Theodore Ts'o
0 siblings, 0 replies; 12+ messages in thread
From: Theodore Ts'o @ 2017-10-31 17:47 UTC (permalink / raw)
To: Eric Biggers
Cc: linux-fscrypt, keyrings, Jaegeuk Kim, linux-security-module,
Eric Biggers, stable
On Sun, Oct 29, 2017 at 09:32:46AM -0700, Eric Biggers wrote:
>
> Hi Ted, you should drop this one, since it's already in mainline; David Howells
> ended up taking the original series via the keyrings tree.
Ah, I see it landed in v4.14-rc6. I'll drop it from the fscrypt tree.
- Ted
^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH v2] fscrypt: fix dereference of NULL user_key_payload
@ 2017-10-31 17:47 ` Theodore Ts'o
0 siblings, 0 replies; 12+ messages in thread
From: Theodore Ts'o @ 2017-10-31 17:47 UTC (permalink / raw)
To: linux-security-module
On Sun, Oct 29, 2017 at 09:32:46AM -0700, Eric Biggers wrote:
>
> Hi Ted, you should drop this one, since it's already in mainline; David Howells
> ended up taking the original series via the keyrings tree.
Ah, I see it landed in v4.14-rc6. I'll drop it from the fscrypt tree.
- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2017-10-31 17:47 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-10-09 19:46 [PATCH v2] fscrypt: fix dereference of NULL user_key_payload Eric Biggers
2017-10-09 19:46 ` Eric Biggers
2017-10-09 19:46 ` Eric Biggers
2017-10-29 10:23 ` Theodore Ts'o
2017-10-29 10:23 ` Theodore Ts'o
2017-10-29 10:23 ` Theodore Ts'o
2017-10-29 16:32 ` Eric Biggers
2017-10-29 16:32 ` Eric Biggers
2017-10-29 16:32 ` Eric Biggers
2017-10-31 17:47 ` Theodore Ts'o
2017-10-31 17:47 ` Theodore Ts'o
2017-10-31 17:47 ` Theodore Ts'o
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.