• Eric Biggers's avatar
    X.509: fix NULL dereference when restricting key with unsupported_sig · 4b34968e
    Eric Biggers authored
    The asymmetric key type allows an X.509 certificate to be added even if
    its signature's hash algorithm is not available in the crypto API.  In
    that case 'payload.data[asym_auth]' will be NULL.  But the key
    restriction code failed to check for this case before trying to use the
    signature, resulting in a NULL pointer dereference in
    key_or_keyring_common() or in restrict_link_by_signature().
    
    Fix this by returning -ENOPKG when the signature is unsupported.
    
    Reproducer when all the CONFIG_CRYPTO_SHA512* options are disabled and
    keyctl has support for the 'restrict_keyring' command:
    
        keyctl new_session
        keyctl restrict_keyring @s asymmetric builtin_trusted
        openssl req -new -sha512 -x509 -batch -nodes -outform der \
            | keyctl padd asymmetric desc @s
    
    Fixes: a511e1af ("KEYS: Move the point of trust determination to __key_link()")
    Cc: <stable@vger.kernel.org> # v4.7+
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    4b34968e
restrict.c 8.02 KB