From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: David Howells <dhowells@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: "Toke Høiland-Jørgensen" <toke@redhat.com>,
"Tianjia Zhang" <tianjia.zhang@linux.alibaba.com>,
"Gilad Ben-Yossef" <gilad@benyossef.com>,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
stable@vger.kernel.org
Subject: [PATCH] crypto: public_key: check that pkey_algo is non-NULL before passing it to strcmp()
Date: Tue, 12 Jan 2021 17:10:44 +0100 [thread overview]
Message-ID: <20210112161044.3101-1-toke@redhat.com> (raw)
When public_key_verify_signature() is called from
asymmetric_key_verify_signature(), the pkey_algo field of struct
public_key_signature will be NULL, which causes a NULL pointer dereference
in the strcmp() check. Fix this by adding a NULL check.
One visible manifestation of this is that userspace programs (such as the
'iwd' WiFi daemon) will be killed when trying to verify a TLS key using the
keyctl(2) interface.
Cc: stable@vger.kernel.org
Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification")
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
---
crypto/asymmetric_keys/public_key.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 8892908ad58c..35b09e95a870 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -356,7 +356,7 @@ int public_key_verify_signature(const struct public_key *pkey,
if (ret)
goto error_free_key;
- if (strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) {
+ if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) {
ret = cert_sig_digest_update(sig, tfm);
if (ret)
goto error_free_key;
--
2.30.0
next reply other threads:[~2021-01-12 16:13 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-12 16:10 Toke Høiland-Jørgensen [this message]
2021-01-13 2:39 ` [PATCH] crypto: public_key: check that pkey_algo is non-NULL before passing it to strcmp() Tianjia Zhang
2021-01-13 11:29 ` Toke Høiland-Jørgensen
2021-01-13 11:11 ` David Howells
2021-01-13 11:36 ` Toke Høiland-Jørgensen
2021-01-13 12:57 ` David Howells
2021-01-18 17:13 ` Toke Høiland-Jørgensen
2021-01-18 21:09 ` João Fonseca
2021-01-21 5:58 ` Tee Hao Wei
2021-03-10 12:02 ` Greg KH
2021-03-15 10:52 ` Toke Høiland-Jørgensen
2021-03-15 12:07 ` Greg KH
2021-01-14 2:55 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210112161044.3101-1-toke@redhat.com \
--to=toke@redhat.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=gilad@benyossef.com \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tianjia.zhang@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.