From patchwork Mon Nov 27 07:16:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 10075963 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 36D20602BD for ; Mon, 27 Nov 2017 07:16:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 284BE28CEA for ; Mon, 27 Nov 2017 07:16:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1D96528CF2; Mon, 27 Nov 2017 07:16:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B54CF28D08 for ; Mon, 27 Nov 2017 07:16:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751235AbdK0HQn (ORCPT ); Mon, 27 Nov 2017 02:16:43 -0500 Received: from mail-pg0-f68.google.com ([74.125.83.68]:43038 "EHLO mail-pg0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750838AbdK0HQl (ORCPT ); Mon, 27 Nov 2017 02:16:41 -0500 Received: by mail-pg0-f68.google.com with SMTP id r12so18284452pgu.10; Sun, 26 Nov 2017 23:16:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=Z84cbW6pI1ywq2ThcxAAoz2rLogDXPTydbAPS61l+mM=; b=Pvze11POLG1k1p3+PUV4BHrv/WzTO+Eftg+0dEjFOaelQDldtU7PPIwrpkpbK+ZTgt MdEQBGupIrFWBBSVD/rZQEocDjI90Pf+FAe55hBPnJrdU7M3YXTPOcGFeVnUSZ2+Ph76 33cFX/Ok1U+mLWQcTThRSDIO4sz4vGJ1mk/JJ8KPUNSB16biWf1vvGEj4/fr4rahP8I0 SDMdvXSQcQXhyBPZppMEr9arXQm5Imig9cJ4cAyf8pwAoJxQSYU4olPq32uchgjflohQ VNUOGs4SPERFP4vMP6MeO0DFt1PWyEq828G1iZ91ykUvIPgoUc9xN+OZQfM5UY5TCdGf XTyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Z84cbW6pI1ywq2ThcxAAoz2rLogDXPTydbAPS61l+mM=; b=BRM5R28QCfldU7zGQO2ORBBDvetav9sijn2CD6nVLtLa1w2ScgxahVdG0eKggtd5NX ACJbmMXNEM15BUa8VKcE226BzlWhZWNRPUe/gIxYg+S+MwwlVjZwqw5/RNHihzwLvH3x 6fcXMaad//v0CWvd1EMGfkcUv50elg/gbAb7eZYXB1geds2h5Xhw7hkh53WI2wVy3iSr tWeAiyzzI9Ls/irlaYu0dwniclDTYyhNEH4A4He3xtss1rPQYm/ithdldxuMcR5Wqmja K3CQmWayB1fD0nWLjCHKtPUtD1m6gWhfnA3fOO4/NbVot/Oa0vG9mE63yA9QUhOxMDRG BCLQ== X-Gm-Message-State: AJaThX6QRhUtV8TsWImWX43KSolxk9IW4jAPLzW+CNDwj5zICyebrpao WTvMfO/FrmoCFVM0tdzkTAV5sVkl X-Google-Smtp-Source: AGs4zMbNZILQcOj/ZAk8vtEtwyxJ39kn3sVlBPyxyx2IlGH5RgPN+o4TEGsa76ZrIsOltVHrCrMBpw== X-Received: by 10.99.114.30 with SMTP id n30mr35555620pgc.129.1511767001104; Sun, 26 Nov 2017 23:16:41 -0800 (PST) Received: from zzz.localdomain (c-67-185-97-198.hsd1.wa.comcast.net. [67.185.97.198]) by smtp.gmail.com with ESMTPSA id a13sm39885575pgq.10.2017.11.26.23.16.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 26 Nov 2017 23:16:40 -0800 (PST) From: Eric Biggers To: keyrings@vger.kernel.org, David Howells Cc: linux-crypto@vger.kernel.org, Alexander Potapenko , Eric Biggers , stable@vger.kernel.org Subject: [PATCH] X.509: reject invalid BIT STRING for subjectPublicKey Date: Sun, 26 Nov 2017 23:16:20 -0800 Message-Id: <20171127071620.25724-1-ebiggers3@gmail.com> X-Mailer: git-send-email 2.15.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers Adding a specially crafted X.509 certificate whose subjectPublicKey ASN.1 value is zero-length caused x509_extract_key_data() to set the public key size to SIZE_MAX, as it subtracted the nonexistent BIT STRING metadata byte. Then, x509_cert_parse() called kmemdup() with that bogus size, triggering the WARN_ON_ONCE() in kmalloc_slab(). This appears to be harmless, but it still must be fixed since WARNs are never supposed to be user-triggerable. Fix it by updating x509_cert_parse() to validate that the value has a BIT STRING metadata byte, and that the byte is 0 which indicates that the number of bits in the bitstring is a multiple of 8. It would be nice to handle the metadata byte in asn1_ber_decoder() instead. But that would be tricky because in the general case a BIT STRING could be implicitly tagged, and/or could legitimately have a length that is not a whole number of bytes. Here was the WARN (cleaned up slightly): WARNING: CPU: 1 PID: 202 at mm/slab_common.c:971 kmalloc_slab+0x5d/0x70 mm/slab_common.c:971 Modules linked in: CPU: 1 PID: 202 Comm: keyctl Tainted: G B 4.14.0-09238-g1d3b78bbc6e9 #26 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014 task: ffff880033014180 task.stack: ffff8800305c8000 Call Trace: __do_kmalloc mm/slab.c:3706 [inline] __kmalloc_track_caller+0x22/0x2e0 mm/slab.c:3726 kmemdup+0x17/0x40 mm/util.c:118 kmemdup include/linux/string.h:414 [inline] x509_cert_parse+0x2cb/0x620 crypto/asymmetric_keys/x509_cert_parser.c:106 x509_key_preparse+0x61/0x750 crypto/asymmetric_keys/x509_public_key.c:174 asymmetric_key_preparse+0xa4/0x150 crypto/asymmetric_keys/asymmetric_type.c:388 key_create_or_update+0x4d4/0x10a0 security/keys/key.c:850 SYSC_add_key security/keys/keyctl.c:122 [inline] SyS_add_key+0xe8/0x290 security/keys/keyctl.c:62 entry_SYSCALL_64_fastpath+0x1f/0x96 Fixes: 42d5ec27f873 ("X.509: Add an ASN.1 decoder") Cc: # v3.7+ Signed-off-by: Eric Biggers Reviewed-by: James Morris --- crypto/asymmetric_keys/x509_cert_parser.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c index dd03fead1ca3..ce2df8c9c583 100644 --- a/crypto/asymmetric_keys/x509_cert_parser.c +++ b/crypto/asymmetric_keys/x509_cert_parser.c @@ -409,6 +409,8 @@ int x509_extract_key_data(void *context, size_t hdrlen, ctx->cert->pub->pkey_algo = "rsa"; /* Discard the BIT STRING metadata */ + if (vlen < 1 || *(const u8 *)value != 0) + return -EBADMSG; ctx->key = value + 1; ctx->key_size = vlen - 1; return 0;