From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.2 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY, URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 708F6C433DB for ; Wed, 13 Jan 2021 02:40:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 399E82311D for ; Wed, 13 Jan 2021 02:40:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726680AbhAMCkA (ORCPT ); Tue, 12 Jan 2021 21:40:00 -0500 Received: from out30-43.freemail.mail.aliyun.com ([115.124.30.43]:54024 "EHLO out30-43.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725843AbhAMCkA (ORCPT ); Tue, 12 Jan 2021 21:40:00 -0500 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R131e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04420;MF=tianjia.zhang@linux.alibaba.com;NM=1;PH=DS;RN=8;SR=0;TI=SMTPD_---0ULZwVnh_1610505555; Received: from B-455UMD6M-2027.local(mailfrom:tianjia.zhang@linux.alibaba.com fp:SMTPD_---0ULZwVnh_1610505555) by smtp.aliyun-inc.com(127.0.0.1); Wed, 13 Jan 2021 10:39:16 +0800 Subject: Re: [PATCH] crypto: public_key: check that pkey_algo is non-NULL before passing it to strcmp() To: =?UTF-8?Q?Toke_H=c3=b8iland-J=c3=b8rgensen?= , David Howells , Herbert Xu , "David S. Miller" Cc: Gilad Ben-Yossef , keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, stable@vger.kernel.org References: <20210112161044.3101-1-toke@redhat.com> From: Tianjia Zhang Message-ID: Date: Wed, 13 Jan 2021 10:39:15 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: <20210112161044.3101-1-toke@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi, I have fixed this problem last week. Still thanks for your fixing. patch is here: https://lkml.org/lkml/2021/1/7/201 Best regards, Tianjia On 1/13/21 12:10 AM, Toke Høiland-Jørgensen wrote: > When public_key_verify_signature() is called from > asymmetric_key_verify_signature(), the pkey_algo field of struct > public_key_signature will be NULL, which causes a NULL pointer dereference > in the strcmp() check. Fix this by adding a NULL check. > > One visible manifestation of this is that userspace programs (such as the > 'iwd' WiFi daemon) will be killed when trying to verify a TLS key using the > keyctl(2) interface. > > Cc: stable@vger.kernel.org > Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification") > Signed-off-by: Toke Høiland-Jørgensen > --- > crypto/asymmetric_keys/public_key.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c > index 8892908ad58c..35b09e95a870 100644 > --- a/crypto/asymmetric_keys/public_key.c > +++ b/crypto/asymmetric_keys/public_key.c > @@ -356,7 +356,7 @@ int public_key_verify_signature(const struct public_key *pkey, > if (ret) > goto error_free_key; > > - if (strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) { > + if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) { > ret = cert_sig_digest_update(sig, tfm); > if (ret) > goto error_free_key; >