All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Mickaël Salaün" <mic@digikod.net>
To: David Howells <dhowells@redhat.com>,
	David Woodhouse <dwmw2@infradead.org>,
	Jarkko Sakkinen <jarkko@kernel.org>
Cc: "Mickaël Salaün" <mic@digikod.net>,
	"David S . Miller" <davem@davemloft.net>,
	"Herbert Xu" <herbert@gondor.apana.org.au>,
	"James Morris" <jmorris@namei.org>,
	"Mickaël Salaün" <mic@linux.microsoft.com>,
	"Mimi Zohar" <zohar@linux.ibm.com>,
	"Serge E . Hallyn" <serge@hallyn.com>,
	keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: [PATCH v3 06/10] certs: Make blacklist_vet_description() more strict
Date: Thu, 14 Jan 2021 16:19:05 +0100	[thread overview]
Message-ID: <20210114151909.2344974-7-mic@digikod.net> (raw)
In-Reply-To: <20210114151909.2344974-1-mic@digikod.net>

From: Mickaël Salaün <mic@linux.microsoft.com>

Before exposing this new key type to user space, make sure that only
meaningful blacklisted hashes are accepted.  This is also checked for
builtin blacklisted hashes, but a following commit make sure that the
user will notice (at built time) and will fix the configuration if it
already included errors.

Check that a blacklist key description starts with a valid prefix and
then a valid hexadecimal string.

Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
---

Changes since v2:
* Fix typo in blacklist_vet_description() comment, spotted by Tyler
  Hicks.
* Add Jarkko's Acked-by.

Changes since v1:
* Return ENOPKG (instead of EINVAL) when a hash is greater than the
  maximum currently known hash (suggested by David Howells).
---
 certs/blacklist.c | 46 ++++++++++++++++++++++++++++++++++++----------
 1 file changed, 36 insertions(+), 10 deletions(-)

diff --git a/certs/blacklist.c b/certs/blacklist.c
index bffe4c6f4a9e..334ab7b964bc 100644
--- a/certs/blacklist.c
+++ b/certs/blacklist.c
@@ -18,6 +18,16 @@
 #include <keys/system_keyring.h>
 #include "blacklist.h"
 
+/*
+ * According to crypto/asymmetric_keys/x509_cert_parser.c:x509_note_pkey_algo(),
+ * the size of the currently longest supported hash algorithm is 512 bits,
+ * which translates into 128 hex characters.
+ */
+#define MAX_HASH_LEN	128
+
+static const char tbs_prefix[] = "tbs";
+static const char bin_prefix[] = "bin";
+
 static struct key *blacklist_keyring;
 
 /*
@@ -26,24 +36,40 @@ static struct key *blacklist_keyring;
  */
 static int blacklist_vet_description(const char *desc)
 {
-	int n = 0;
-
-	if (*desc == ':')
-		return -EINVAL;
-	for (; *desc; desc++)
-		if (*desc == ':')
-			goto found_colon;
+	int i, prefix_len, tbs_step = 0, bin_step = 0;
+
+	/* The following algorithm only works if prefix lengths match. */
+	BUILD_BUG_ON(sizeof(tbs_prefix) != sizeof(bin_prefix));
+	prefix_len = sizeof(tbs_prefix) - 1;
+	for (i = 0; *desc; desc++, i++) {
+		if (*desc == ':') {
+			if (tbs_step == prefix_len)
+				goto found_colon;
+			if (bin_step == prefix_len)
+				goto found_colon;
+			return -EINVAL;
+		}
+		if (i >= prefix_len)
+			return -EINVAL;
+		if (*desc == tbs_prefix[i])
+			tbs_step++;
+		if (*desc == bin_prefix[i])
+			bin_step++;
+	}
 	return -EINVAL;
 
 found_colon:
 	desc++;
-	for (; *desc; desc++) {
+	for (i = 0; *desc && i < MAX_HASH_LEN; desc++, i++) {
 		if (!isxdigit(*desc) || isupper(*desc))
 			return -EINVAL;
-		n++;
 	}
+	if (*desc)
+		/* The hash is greater than MAX_HASH_LEN. */
+		return -ENOPKG;
 
-	if (n == 0 || n & 1)
+	/* Checks for an even number of hexadecimal characters. */
+	if (i == 0 || i & 1)
 		return -EINVAL;
 	return 0;
 }
-- 
2.30.0


  parent reply	other threads:[~2021-01-14 15:20 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-14 15:18 [PATCH v3 00/10] Enable root to update the blacklist keyring Mickaël Salaün
2021-01-14 15:19 ` [PATCH v3 01/10] certs/blacklist: fix kernel doc interface issue Mickaël Salaün
2021-01-20  3:39   ` Jarkko Sakkinen
2021-01-14 15:19 ` [PATCH v3 02/10] certs: Fix blacklisted hexadecimal hash string check Mickaël Salaün
2021-01-20  3:43   ` Jarkko Sakkinen
2021-01-20 11:12     ` Mickaël Salaün
2021-01-20 23:44       ` Jarkko Sakkinen
2021-01-14 15:19 ` [PATCH v3 03/10] PKCS#7: Fix missing include Mickaël Salaün
2021-01-20  3:44   ` Jarkko Sakkinen
2021-01-14 15:19 ` [PATCH v3 04/10] certs: Fix blacklist flag type confusion Mickaël Salaün
2021-01-20  3:55   ` Jarkko Sakkinen
2021-01-20 11:15     ` Mickaël Salaün
2021-01-20 23:45       ` Jarkko Sakkinen
2021-01-14 15:19 ` [PATCH v3 05/10] certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID Mickaël Salaün
2021-01-20  5:15   ` Jarkko Sakkinen
2021-01-20 11:17     ` Mickaël Salaün
2021-01-20 23:48       ` Jarkko Sakkinen
2021-01-14 15:19 ` Mickaël Salaün [this message]
2021-01-20  4:16   ` [PATCH v3 06/10] certs: Make blacklist_vet_description() more strict Jarkko Sakkinen
2021-01-20 11:23     ` Mickaël Salaün
2021-01-14 15:19 ` [PATCH v3 07/10] certs: Factor out the blacklist hash creation Mickaël Salaün
2021-01-14 15:19 ` [PATCH v3 08/10] certs: Check that builtin blacklist hashes are valid Mickaël Salaün
2021-01-20  5:19   ` Jarkko Sakkinen
2021-01-20 11:57     ` Mickaël Salaün
2021-01-20 23:53       ` Jarkko Sakkinen
2021-01-21  9:18         ` Mickaël Salaün
2021-01-21 15:21           ` Jarkko Sakkinen
2021-01-14 15:19 ` [PATCH v3 09/10] certs: Allow root user to append signed hashes to the blacklist keyring Mickaël Salaün
2021-01-15 13:06   ` Mimi Zohar
2021-01-20  5:23   ` Jarkko Sakkinen
2021-01-20 11:24     ` Mickaël Salaün
2021-01-14 15:19 ` [PATCH v3 10/10] tools/certs: Add print-cert-tbs-hash.sh Mickaël Salaün
2021-01-15  9:28 ` [PATCH v3 00/10] Enable root to update the blacklist keyring Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210114151909.2344974-7-mic@digikod.net \
    --to=mic@digikod.net \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=dwmw2@infradead.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=jarkko@kernel.org \
    --cc=jmorris@namei.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mic@linux.microsoft.com \
    --cc=serge@hallyn.com \
    --cc=zohar@linux.ibm.com \
    --subject='Re: [PATCH v3 06/10] certs: Make blacklist_vet_description() more strict' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.