Commit fa8151ca authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'keys-trusted-next-6.10-rc1-part2' of...

Merge tag 'keys-trusted-next-6.10-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd

Pull trusted keys fixes from Jarkko Sakkinen:
 "These are two bugs I found from trusted keys while working on a new
  RSA key type for TPM2. Both originate form v5.13.

  The memory leak is more crucial but I don't think it is either good
  idea if kernel throws WARN when ASN.1 parser fails, even if it is
  related to programming error, as it is not that mature code yet.

  There's at least two WARN's in that code but I picked just the one
  more likely to trigger. Planning to fix the other one too over time"

* tag 'keys-trusted-next-6.10-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
  KEYS: trusted: Do not use WARN when encode fails
  KEYS: trusted: Fix memory leak in tpm2_key_encode()
parents 38da32ee 050bf3c7
...@@ -38,6 +38,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, ...@@ -38,6 +38,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload,
u8 *end_work = scratch + SCRATCH_SIZE; u8 *end_work = scratch + SCRATCH_SIZE;
u8 *priv, *pub; u8 *priv, *pub;
u16 priv_len, pub_len; u16 priv_len, pub_len;
int ret;
priv_len = get_unaligned_be16(src) + 2; priv_len = get_unaligned_be16(src) + 2;
priv = src; priv = src;
...@@ -57,8 +58,10 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, ...@@ -57,8 +58,10 @@ static int tpm2_key_encode(struct trusted_key_payload *payload,
unsigned char bool[3], *w = bool; unsigned char bool[3], *w = bool;
/* tag 0 is emptyAuth */ /* tag 0 is emptyAuth */
w = asn1_encode_boolean(w, w + sizeof(bool), true); w = asn1_encode_boolean(w, w + sizeof(bool), true);
if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) {
return PTR_ERR(w); ret = PTR_ERR(w);
goto err;
}
work = asn1_encode_tag(work, end_work, 0, bool, w - bool); work = asn1_encode_tag(work, end_work, 0, bool, w - bool);
} }
...@@ -69,8 +72,10 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, ...@@ -69,8 +72,10 @@ static int tpm2_key_encode(struct trusted_key_payload *payload,
* trigger, so if it does there's something nefarious going on * trigger, so if it does there's something nefarious going on
*/ */
if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE, if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE,
"BUG: scratch buffer is too small")) "BUG: scratch buffer is too small")) {
return -EINVAL; ret = -EINVAL;
goto err;
}
work = asn1_encode_integer(work, end_work, options->keyhandle); work = asn1_encode_integer(work, end_work, options->keyhandle);
work = asn1_encode_octet_string(work, end_work, pub, pub_len); work = asn1_encode_octet_string(work, end_work, pub, pub_len);
...@@ -79,10 +84,18 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, ...@@ -79,10 +84,18 @@ static int tpm2_key_encode(struct trusted_key_payload *payload,
work1 = payload->blob; work1 = payload->blob;
work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob),
scratch, work - scratch); scratch, work - scratch);
if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) if (IS_ERR(work1)) {
return PTR_ERR(work1); ret = PTR_ERR(work1);
pr_err("BUG: ASN.1 encoder failed with %d\n", ret);
goto err;
}
kfree(scratch);
return work1 - payload->blob; return work1 - payload->blob;
err:
kfree(scratch);
return ret;
} }
struct tpm2_key_context { struct tpm2_key_context {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment