linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: keyrings@vger.kernel.org, dhowells@redhat.com
Cc: linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: [PATCH] KEYS: fix parsing invalid pkey info string
Date: Sat,  3 Nov 2018 10:30:35 -0700	[thread overview]
Message-ID: <20181103173035.23974-1-ebiggers@kernel.org> (raw)
In-Reply-To: <000000000000c220960579c4936d@google.com>

From: Eric Biggers <ebiggers@google.com>

We need to check the return value of match_token() for Opt_err (-1)
before doing anything with it.

Reported-by: syzbot+a22e0dc07567662c50bc@syzkaller.appspotmail.com
Fixes: 00d60fd3b932 ("KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2]")
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 security/keys/keyctl_pkey.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c
index 783978842f13a..987fac8051d70 100644
--- a/security/keys/keyctl_pkey.c
+++ b/security/keys/keyctl_pkey.c
@@ -50,6 +50,8 @@ static int keyctl_pkey_params_parse(struct kernel_pkey_params *params)
 		if (*p == '\0' || *p == ' ' || *p == '\t')
 			continue;
 		token = match_token(p, param_keys, args);
+		if (token == Opt_err)
+			return -EINVAL;
 		if (__test_and_set_bit(token, &token_mask))
 			return -EINVAL;
 		q = args[0].from;
-- 
2.19.1

next prev parent reply	other threads:[~2018-11-03 17:32 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-03 15:48 general protection fault in keyctl_pkey_params_get syzbot
2018-11-03 17:30 ` Eric Biggers [this message]
2018-11-28 23:20   ` [PATCH] KEYS: fix parsing invalid pkey info string Eric Biggers
2018-12-06 18:26     ` Eric Biggers
2018-12-17 18:12     ` [PATCH RESEND] " Eric Biggers
2018-12-17 18:43       ` Linus Torvalds
2018-12-17 18:49         ` Linus Torvalds
2018-12-17 19:06           ` Linus Torvalds
2018-12-17 19:39             ` Linus Torvalds
2018-12-17 19:51               ` James Bottomley
2018-12-17 20:02                 ` Linus Torvalds
2018-12-17 20:29                   ` Mimi Zohar
2018-12-18  0:44                   ` James Bottomley
2018-12-31 22:45                   ` Eric Biggers
2019-01-01 21:08                     ` Linus Torvalds
2018-12-17 20:21             ` Mimi Zohar
2018-12-17 20:31               ` Linus Torvalds
2018-12-18 12:34         ` Dmitry Vyukov

find likely ancestor, descendant, or conflicting patches for this message:
dfblob:783978842f13 dfblob:987fac8051d7
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181103173035.23974-1-ebiggers@kernel.org \
    --to=ebiggers@kernel.org \
    --cc=dhowells@redhat.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).