From patchwork Tue Nov 28 18:56:27 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers <ebiggers3@gmail.com>
X-Patchwork-Id: 10080903
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Return-Path: <linux-crypto-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	53449602DC for <patchwork-linux-crypto@patchwork.kernel.org>;
	Tue, 28 Nov 2017 18:56:34 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 48BD0295BF
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Tue, 28 Nov 2017 18:56:34 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 3DA9A295BE; Tue, 28 Nov 2017 18:56:34 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.4 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, FSL_HELO_FAKE,
	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DE218295C0
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Tue, 28 Nov 2017 18:56:33 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752260AbdK1S4d (ORCPT
	<rfc822;patchwork-linux-crypto@patchwork.kernel.org>);
	Tue, 28 Nov 2017 13:56:33 -0500
Received: from mail-yb0-f194.google.com ([209.85.213.194]:37169 "EHLO
	mail-yb0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753410AbdK1S4c (ORCPT
	<rfc822;linux-crypto@vger.kernel.org>);
	Tue, 28 Nov 2017 13:56:32 -0500
Received: by mail-yb0-f194.google.com with SMTP id 5so371775ybp.4;
	Tue, 28 Nov 2017 10:56:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=date:from:to:cc:subject:message-id:references:mime-version
	:content-disposition:in-reply-to:user-agent;
	bh=a5KWiZD5K8nx3dfHCEHICkdkO4N1HZHlw8HxdeiiYAI=;
	b=frDjDlKtgXiLcE0r3y6lpXrYWdxHs94NCgVjRVoDpCuMdiHka2Sk78Jwq6Y2wob/nf
	mXMl6QGoNGSHpzk0OdP5+TxOPUmK/dNHh3a+3CWN6chOjfks5WYXo1X5Ca60PH5n5o5H
	f8vTKWb0QKE2nXHTUJ7FCjei21iVHh9cIVljxfWOc2F3hbso+aEiK/d3O2aba+8OBbC/
	+FlENxAj+GE9taPZCzD8spurHnbA3eJEXXXsfSkmcMmHmbyKOG1qJNhPqjaDiUODmdME
	765ztYAMe0HLYgG7yFX3f90xEIwFXKwBm71UbBHSLI7ye4I0XRSkc4Vx/dG+DOam/iwL
	U4mg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:date:from:to:cc:subject:message-id:references
	:mime-version:content-disposition:in-reply-to:user-agent;
	bh=a5KWiZD5K8nx3dfHCEHICkdkO4N1HZHlw8HxdeiiYAI=;
	b=KgS+qqICJ4qVZP9PBwt7vlPiJMX+MG+VOtL8Q8Y9E3WPc/mUp9pKqRqRj1k8J9x56u
	RpfbAJHJFLdtI5ZLMcHVyDxL0XjVITvPmktjod44FJZw4fnhFDyOZDNLjg2h1tlINgg5
	RKMsmuN2P2k0CtuoG5GRXrxE29194mTZ7XJaccvoLn3BMBBzoUPpEwkW/NP5sFblb8a9
	/xaq4LKRHuxtTajoGPSwlI4oU8LPDizSbJM222Yqu+wvN0X/8AJeUcSs4Fi+pzXQBNWm
	MWsXh7IMHXiEW2j7PWGFzxLDdYedH5z19vxPmzsOE1JfMHwZumkJfw0EGk+v8J4aZBuI
	Fxsg==
X-Gm-Message-State: AJaThX7brGFmCP4mWuXDew590Kd6vytVdS2ukG+UxF9VfhNGB1YmXZ2Z
	oKvrY3QmQtAA0jwdmknY40I=
X-Google-Smtp-Source: 
 AGs4zMZ3Z3Sep4Mfkv1J7MdAW5Oc2SLRSiG9+G8i33JIGsVNqoUFUrgMmH+mH7yCbCdz9wFes1578w==
X-Received: by 10.37.123.7 with SMTP id w7mr136174ybc.18.1511895391175;
	Tue, 28 Nov 2017 10:56:31 -0800 (PST)
Received: from gmail.com ([2620:15c:17:3:c5e6:5eff:7183:ea5b])
	by smtp.gmail.com with ESMTPSA id
	f4sm13232046ywa.68.2017.11.28.10.56.30
	(version=TLS1_2 cipher=AES128-SHA bits=128/128);
	Tue, 28 Nov 2017 10:56:30 -0800 (PST)
Date: Tue, 28 Nov 2017 10:56:27 -0800
From: Eric Biggers <ebiggers3@gmail.com>
To: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
	Alexander Potapenko <glider@google.com>,
	Eric Biggers <ebiggers@google.com>, Takashi Iwai <tiwai@suse.de>
Subject: Re: [PATCH] X.509: fix printing uninitialized stack memory when OID
	is empty
Message-ID: <20171128185627.GB45321@gmail.com>
References: <20171127071817.25999-1-ebiggers3@gmail.com>
	<10620.1511867034@warthog.procyon.org.uk>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <10620.1511867034@warthog.procyon.org.uk>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Hi David,

On Tue, Nov 28, 2017 at 11:03:54AM +0000, David Howells wrote:
> I wonder if all -EBADMSG returns here should just print "(badoid)" into the
> buffer.
> 

I don't really care either way; it's just a question of whether it's better to
truncate the bad part, or print a special value.  If you prefer the latter here
is a revised patch to consider.  (I went with "(bad)" instead of "(badoid)"
because the callers already label the string as an OID.):

---8<---

From 5a68ec1afd819e145446a97268bd790f9f3226b3 Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Tue, 28 Nov 2017 10:47:42 -0800
Subject: [PATCH v2] X.509: fix printing uninitialized stack memory when OID is
 empty

Callers of sprint_oid() do not check its return value before printing
the result.  In the case where the OID is zero-length, -EBADMSG was
being returned without anything being written to the buffer, resulting
in uninitialized stack memory being printed.  Fix this by writing
"(bad)" to the buffer in the cases where -EBADMSG is returned.

Fixes: 4f73175d0375 ("X.509: Add utility functions to render OIDs as strings")
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 lib/oid_registry.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/oid_registry.c b/lib/oid_registry.c
index 41b9e50711a7..b5f7d9986be1 100644
--- a/lib/oid_registry.c
+++ b/lib/oid_registry.c
@@ -116,7 +116,7 @@ int sprint_oid(const void *data, size_t datasize, char *buffer, size_t bufsize)
 	int count;
 
 	if (v >= end)
-		return -EBADMSG;
+		goto bad;
 
 	n = *v++;
 	ret = count = snprintf(buffer, bufsize, "%u.%u", n / 40, n % 40);
@@ -134,7 +134,7 @@ int sprint_oid(const void *data, size_t datasize, char *buffer, size_t bufsize)
 			num = n & 0x7f;
 			do {
 				if (v >= end)
-					return -EBADMSG;
+					goto bad;
 				n = *v++;
 				num <<= 7;
 				num |= n & 0x7f;
@@ -148,6 +148,10 @@ int sprint_oid(const void *data, size_t datasize, char *buffer, size_t bufsize)
 	}
 
 	return ret;
+
+bad:
+	snprintf(buffer, bufsize, "(bad)");
+	return -EBADMSG;
 }
 EXPORT_SYMBOL_GPL(sprint_oid);