OpenCloudOS-Kernel/security/keys
Eric Biggers 5649645d72 KEYS: fix dereferencing NULL payload with nonzero length
sys_add_key() and the KEYCTL_UPDATE operation of sys_keyctl() allowed a
NULL payload with nonzero length to be passed to the key type's
->preparse(), ->instantiate(), and/or ->update() methods.  Various key
types including asymmetric, cifs.idmap, cifs.spnego, and pkcs7_test did
not handle this case, allowing an unprivileged user to trivially cause a
NULL pointer dereference (kernel oops) if one of these key types was
present.  Fix it by doing the copy_from_user() when 'plen' is nonzero
rather than when '_payload' is non-NULL, causing the syscall to fail
with EFAULT as expected when an invalid buffer is specified.

Cc: stable@vger.kernel.org # 2.6.10+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-06-09 13:29:47 +10:00
..
encrypted-keys KEYS: encrypted: use constant-time HMAC comparison 2017-06-09 13:29:47 +10:00
Kconfig security/keys: add CONFIG_KEYS_COMPAT to Kconfig 2017-06-09 13:29:45 +10:00
Makefile KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
big_key.c KEYS: Sort out big_key initialisation 2016-10-27 16:03:27 +11:00
compat.c KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
compat_dh.c KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
dh.c KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
gc.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-05-03 08:50:52 -07:00
internal.h KEYS: add SP800-56A KDF support for DH 2017-04-04 22:33:38 +01:00
key.c KEYS: Consistent ordering for __key_link_begin and restrict check 2017-04-04 14:10:11 -07:00
keyctl.c KEYS: fix dereferencing NULL payload with nonzero length 2017-06-09 13:29:47 +10:00
keyring.c security: use READ_ONCE instead of deprecated ACCESS_ONCE 2017-06-09 13:29:45 +10:00
permission.c KEYS: Move the flags representing required permission to linux/key.h 2014-03-14 17:44:49 +00:00
persistent.c sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
proc.c security, keys: convert key_user.usage from atomic_t to refcount_t 2017-04-03 10:49:06 +10:00
process_keys.c KEYS: put keyring if install_session_keyring_to_cred() fails 2017-06-09 13:29:46 +10:00
request_key.c Make static usermode helper binaries constant 2017-01-19 12:59:45 +01:00
request_key_auth.c security, keys: convert key.usage from atomic_t to refcount_t 2017-04-03 10:49:05 +10:00
sysctl.c security: Convert use of typedef ctl_table to struct ctl_table 2014-04-15 13:39:58 +10:00
trusted.c KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload() 2017-03-02 10:09:00 +11:00
trusted.h keys, trusted: move struct trusted_key_options to trusted-type.h 2015-10-19 01:01:21 +02:00
user_defined.c KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload() 2017-03-02 10:09:00 +11:00