From patchwork Fri Apr 21 08:30:33 2017
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 9692087
From: Eric Biggers
To: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, David Howells, linux-kernel@vger.kernel.org, Eric Biggers
Subject: [PATCH 1/5] KEYS: sanitize add_key() and keyctl() key payloads
Date: Fri, 21 Apr 2017 01:30:33 -0700
Message-Id: <20170421083037.12746-2-ebiggers3@gmail.com>
In-Reply-To: <20170421083037.12746-1-ebiggers3@gmail.com>
References: <20170421083037.12746-1-ebiggers3@gmail.com>

From: Eric Biggers

Before returning from add_key() or one of the keyctl() commands that takes in a key payload, zero the temporary buffer that was allocated to hold the key payload copied from userspace. This may contain sensitive key material that should not be kept around in the slab caches.

This must not be applied before the patch "KEYS: fix dereferencing NULL payload with nonzero length".

Signed-off-by: Eric Biggers

--- security/keys/keyctl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 10fcea154c0f..d2852621e358 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -137,6 +137,7 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, key_ref_put(keyring_ref); error3: + memzero_explicit(payload, plen); kvfree(payload); error2: kfree(description); @@ -347,7 +348,7 @@ long keyctl_update_key(key_serial_t id, key_ref_put(key_ref); error2: - kfree(payload); + kzfree(payload); error: return ret; } @@ -1098,6 +1099,7 @@ long keyctl_instantiate_key_common(key_serial_t id, keyctl_change_reqkey_auth(NULL); error2: + memzero_explicit(payload, plen); kvfree(payload); error: return ret;
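
Review bot: at error3 in the add_key hunk, memzero_explicit(payload, plen) runs unconditionally, so when payload is NULL its safety rests on plen being 0, which only the separate patch named in the commit message guarantees. Guarding it locally, for example `if (payload) { memzero_explicit(payload, plen); kvfree(payload); }`, would make this hunk correct regardless of the order in which the two patches are applied or backported.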
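
Review bot: at error2 in the keyctl_update_key hunk, the buffer is wiped with kzfree(payload) while the other two hunks use memzero_explicit(payload, plen) followed by kvfree(payload), and the commit message does not say why the sites differ. A sentence in the changelog noting that this buffer was freed with kfree() rather than kvfree(), which is why kzfree() fits here, would save readers from checking each allocation site.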
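
Review bot: error2 in the keyctl_instantiate_key_common hunk repeats the memzero_explicit(payload, plen); kvfree(payload); pair from add_key, again without a NULL check on payload. With the pair now appearing twice, consider a small static helper in keyctl.c that takes the pointer and length, returns early on NULL, then zeroes and frees, so a later call site cannot free a payload without wiping it.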
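
The commit message's point about key material lingering in slab caches, as an added userspace illustration (not kernel code and not part of this patch): a toy LIFO object cache stands in for a slab cache and `wipe()` stands in for memzero_explicit(). All names and the sample payload are hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <string.h>
/* Toy object cache standing in for a slab cache (constructed, not the kernel's). */
#define OBJ_SIZE 32
#define NOBJ 4
static unsigned char pool[NOBJ][OBJ_SIZE];
static void *free_list[NOBJ];
static int nfree = -1;

static void *toy_alloc(void)
{
    if (nfree < 0)                       /* first use: every slot is free */
        for (nfree = 0; nfree < NOBJ; nfree++)
            free_list[nfree] = pool[nfree];
    return nfree ? free_list[--nfree] : NULL;   /* LIFO reuse */
}

static void toy_free(void *p)
{
    free_list[nfree++] = p;              /* contents are left untouched */
}

/* Userspace stand-in for memzero_explicit(): volatile stores that the
 * compiler cannot discard as dead writes ahead of the free. */
static void wipe(void *p, size_t len)
{
    volatile unsigned char *v = p;
    while (len--)
        *v++ = 0;
}

/* Stage a payload in a temporary buffer, release it, then count how many
 * payload bytes the next allocation from the same cache can still read. */
size_t leaked_bytes(const char *secret, int wipe_first)
{
    size_t len = strlen(secret), n = 0, i;
    unsigned char *tmp, *next;
    if (len > OBJ_SIZE || !(tmp = toy_alloc()))
        return 0;
    memcpy(tmp, secret, len);
    if (wipe_first)
        wipe(tmp, len);
    toy_free(tmp);
    next = toy_alloc();                  /* unrelated later allocation */
    for (i = 0; i < len; i++)
        n += (next[i] == (unsigned char)secret[i]);
    toy_free(next);
    return n;
}
```

Without the wipe, the next object handed out by the cache still holds the whole payload; with it, none of the payload bytes survive the free.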