From patchwork Fri Nov 20 18:04:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= X-Patchwork-Id: 11921519 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 20B3BA6A for ; Fri, 20 Nov 2020 18:11:34 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 028442245F for ; Fri, 20 Nov 2020 18:11:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729475AbgKTSLM (ORCPT ); Fri, 20 Nov 2020 13:11:12 -0500 Received: from smtp-bc09.mail.infomaniak.ch ([45.157.188.9]:37731 "EHLO smtp-bc09.mail.infomaniak.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729227AbgKTSLM (ORCPT ); Fri, 20 Nov 2020 13:11:12 -0500 X-Greylist: delayed 391 seconds by postgrey-1.27 at vger.kernel.org; Fri, 20 Nov 2020 13:11:11 EST Received: from smtp-2-0001.mail.infomaniak.ch (unknown [10.5.36.108]) by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4Cd4FG4VwpzlhGW4; Fri, 20 Nov 2020 19:04:34 +0100 (CET) Received: from localhost (unknown [94.23.54.103]) by smtp-2-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4Cd4FG2R9Dzlh8T9; Fri, 20 Nov 2020 19:04:34 +0100 (CET) From: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= To: David Howells , David Woodhouse Cc: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , "David S . Miller" , Herbert Xu , James Morris , Jarkko Sakkinen , =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= , Mimi Zohar , "Serge E . Hallyn" , keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH v1 1/9] certs: Fix blacklisted hexadecimal hash string check Date: Fri, 20 Nov 2020 19:04:18 +0100 Message-Id: <20201120180426.922572-2-mic@digikod.net> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201120180426.922572-1-mic@digikod.net> References: <20201120180426.922572-1-mic@digikod.net> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org From: Mickaël Salaün When looking for a blacklisted hash, bin2hex() is used to transform a binary hash to an ascii (lowercase) hexadecimal string. This string is then search for in the description of the keys from the blacklist keyring. When adding a key to the blacklist keyring, blacklist_vet_description() checks the hash prefix and the hexadecimal string, but not that this string is lowercase. It is then valid to set hashes with uppercase hexadecimal, which will be silently ignored by the kernel. Add an additional check to blacklist_vet_description() to check that hexadecimal strings are in lowercase. Cc: David Howells Cc: David Woodhouse Signed-off-by: Mickaël Salaün --- certs/blacklist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certs/blacklist.c b/certs/blacklist.c index 6514f9ebc943..4e1a58170d5c 100644 --- a/certs/blacklist.c +++ b/certs/blacklist.c @@ -37,7 +37,7 @@ static int blacklist_vet_description(const char *desc) found_colon: desc++; for (; *desc; desc++) { - if (!isxdigit(*desc)) + if (!isxdigit(*desc) || isupper(*desc)) return -EINVAL; n++; }