Commit 7178a107 authored by Tianjia Zhang's avatar Tianjia Zhang Committed by Linus Torvalds

X.509: Fix crash caused by NULL pointer

On the following call path, `sig->pkey_algo` is not assigned
in asymmetric_key_verify_signature(), which causes runtime
crash in public_key_verify_signature().

  keyctl_pkey_verify
    asymmetric_key_verify_signature
      verify_signature
        public_key_verify_signature

This patch simply check this situation and fixes the crash
caused by NULL pointer.

Fixes: 21552563 ("X.509: support OSCCA SM2-with-SM3 certificate verification")
Reported-by: default avatarTobias Markus <tobias@markus-regensburg.de>
Signed-off-by: default avatarTianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Reviewed-and-tested-by: default avatarToke Høiland-Jørgensen <toke@redhat.com>
Tested-by: default avatarJoão Fonseca <jpedrofonseca@ua.pt>
Acked-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
Cc: stable@vger.kernel.org # v5.10+
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent db58465f
...@@ -356,7 +356,8 @@ int public_key_verify_signature(const struct public_key *pkey, ...@@ -356,7 +356,8 @@ int public_key_verify_signature(const struct public_key *pkey,
if (ret) if (ret)
goto error_free_key; goto error_free_key;
if (strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) { if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 &&
sig->data_size) {
ret = cert_sig_digest_update(sig, tfm); ret = cert_sig_digest_update(sig, tfm);
if (ret) if (ret)
goto error_free_key; goto error_free_key;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment