From patchwork Tue Jun 28 15:35:14 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petko Manolov X-Patchwork-Id: 9203463 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id B69CF6074E for ; Tue, 28 Jun 2016 15:35:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A629128597 for ; Tue, 28 Jun 2016 15:35:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 99F4D285FF; Tue, 28 Jun 2016 15:35:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2891F28597 for ; Tue, 28 Jun 2016 15:35:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752188AbcF1Pf1 (ORCPT ); Tue, 28 Jun 2016 11:35:27 -0400 Received: from lan.nucleusys.com ([92.247.61.126]:38010 "EHLO zztop.nucleusys.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752058AbcF1Pf0 (ORCPT ); Tue, 28 Jun 2016 11:35:26 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mip-labs.com; s=x; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date; bh=mHCMLzOh1h93PnglD7huFpQV0/ici/YvOJ2csp20bC0=; b=W2yB2hvKq8PEpeY8WklWtJJTIttCHXenZFsmCZFUieEJcUOGr/6oKPbPYLQoRxH8OjlMCWQyvjy4C68/M0YFlhzedpHFq8YjtAzoMj7KzYiXovMcB+kk9NWiHdgMGBJ2z9KpG4DIdpzYxNygrV9Wa7h8uxkdUP90b7h7v9mZ/wA=; Received: from 78-83-74-100.spectrumnet.bg ([78.83.74.100] helo=localhost) by zztop.nucleusys.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1bHv2j-0001Hh-FQ; Tue, 28 Jun 2016 18:35:17 +0300 Date: Tue, 28 Jun 2016 18:35:14 +0300 From: Petko Manolov To: David Howells Cc: linux-security-module@vger.kernel.org, zohar@linux.vnet.ibm.com, mdb@juniper.net Subject: Re: [IMA] [RFC] blacklist keyring Message-ID: <20160628153514.GA4515@localhost> Mail-Followup-To: David Howells , linux-security-module@vger.kernel.org, zohar@linux.vnet.ibm.com, mdb@juniper.net References: <20160628091348.GE6417@p310> <20160627140149.GB6417@p310> <20160626163802.GA6230@localhost> <20160625101706.GD19933@p310> <32022.1466918601@warthog.procyon.org.uk> <22249.1466980601@warthog.procyon.org.uk> <20160627134844.GA6417@p310> <32259.1467099402@warthog.procyon.org.uk> <7492.1467106924@warthog.procyon.org.uk> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <7492.1467106924@warthog.procyon.org.uk> User-Agent: Mutt/1.6.0 (2016-04-01) Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP On 16-06-28 10:42:04, David Howells wrote: > Petko Manolov wrote: > > > If you like i can try to bisect it for you in the afternoon. > > That would be useful if you could, thanks. The commit to blame is 268909d61732f5cd34ea701bf978f199e62e0d58. Kernel explodes at software_key_determine_akcipher() as it does not check if 'encoding' is NULL, which is exactly what happens. The caller (in my test case) is public_key_verify_signature() which passes 'sig->encoding' == NULL. The following is fixing the crash, but it is almost certainly the wrong approach. ;) Petko --- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 8be2586..db53267 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -68,6 +68,9 @@ int software_key_determine_akcipher(const char *encoding, { int n; + if (!encoding) + return -ENOPKG; + if (strcmp(encoding, "pkcs1") == 0) { /* The data wangled by the RSA algorithm is typically padded * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447