From: David Howells <dhowells@redhat.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: dhowells@redhat.com, David Woodhouse <dwmw2@infradead.org>,
linux-integrity@vger.kernel.org, Mimi Zohar <zohar@linux.ibm.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
keyrings@vger.kernel.org
Subject: Re: [PATCH v2 2/8] lib: add asn.1 encoder
Date: Tue, 10 Dec 2019 14:08:49 +0000 [thread overview]
Message-ID: <10037.1575986929@warthog.procyon.org.uk> (raw)
In-Reply-To: <1575984010.3459.4.camel@HansenPartnership.com>
James Bottomley <James.Bottomley@HansenPartnership.com> wrote:
> > Didn't you say you were going to make it return an error when it ran
> > out of space or was asked to encode a negative number?
>
> it follows the pattern of all the other functions in that it dumps a
> kernel warning on problems and bails.
I don't see any bounds checking there, let alone anything that dumps a kernel
warning and bails - except if the length is so large that the ASN.1 cannot be
constructed. That said, there is a check in patch 4.
> ... as long as the buffer doesn't overflow.
Yes, but that's Dave's point.
[from patch 4]
> + * Assume both ovtet strings will encode to a 2 byte definite length
octet, btw.
At least I've found a preliminary bounds check there
> + */
> + if (WARN(work - scratch + pub_len + priv_len + 8 > SCRATCH_SIZE,
> + "BUG: scratch buffer is too small"))
> + return -EINVAL;
which I presume makes the correct calculation.
I thought TPM comms were slow - slow enough that putting bounds checking in
your asn1_encode_* routines will be insignificant.
Further, you're promoting this ASN.1 encoder as a general library within the
kernel, presumably so that other people can make use of it. Please therefore
put bounds checking and error handling in it. And please *don't* just produce
broken ASN.1 when something goes wrong.
David
next prev parent reply other threads:[~2019-12-10 14:08 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-10 0:04 [PATCH v2 0/8] Fix TPM 2.0 trusted keys James Bottomley
2019-12-10 0:04 ` James Bottomley
2019-12-10 0:05 ` [PATCH v2 1/8] security: keys: trusted: flush the key handle after use James Bottomley
2019-12-10 0:05 ` James Bottomley
2019-12-10 0:06 ` [PATCH v2 2/8] lib: add asn.1 encoder James Bottomley
2019-12-10 0:06 ` James Bottomley
2019-12-10 8:18 ` David Woodhouse
2019-12-10 13:20 ` James Bottomley
2019-12-10 13:20 ` James Bottomley
2019-12-10 14:08 ` David Howells [this message]
2019-12-10 18:53 ` James Bottomley
2019-12-10 18:53 ` James Bottomley
2019-12-10 22:37 ` David Woodhouse
2019-12-11 13:02 ` James Bottomley
2019-12-11 13:02 ` James Bottomley
2019-12-18 10:50 ` David Howells
2019-12-18 23:10 ` James Bottomley
2019-12-18 23:10 ` James Bottomley
2019-12-20 16:06 ` James Bottomley
2019-12-20 16:06 ` James Bottomley
2019-12-10 0:06 ` [PATCH v2 3/8] oid_registry: Add TCG defined OIDS for TPM keys James Bottomley
2019-12-10 0:06 ` James Bottomley
2019-12-10 8:18 ` David Woodhouse
2019-12-10 13:22 ` James Bottomley
2019-12-10 13:22 ` James Bottomley
2019-12-10 0:07 ` [PATCH v2 4/8] security: keys: trusted: use ASN.1 tpm2 key format for the blobs James Bottomley
2019-12-10 0:07 ` James Bottomley
2019-12-10 0:08 ` [PATCH v2 5/8] security: keys: trusted: Make sealed key properly interoperable James Bottomley
2019-12-10 0:08 ` James Bottomley
2019-12-10 0:08 ` [PATCH v2 6/8] security: keys: trusted: add PCR policy to TPM2 keys James Bottomley
2019-12-10 0:08 ` James Bottomley
2019-12-10 0:09 ` [PATCH v2 7/8] security: keys: trusted: add ability to specify arbitrary policy James Bottomley
2019-12-10 0:09 ` James Bottomley
2019-12-10 0:10 ` [PATCH v2 8/8] security: keys: trusted: implement counter/timer policy James Bottomley
2019-12-10 0:10 ` James Bottomley
2019-12-11 17:59 ` [PATCH v2 0/8] Fix TPM 2.0 trusted keys Jarkko Sakkinen
2019-12-11 17:59 ` Jarkko Sakkinen
2019-12-14 20:37 ` James Bottomley
2019-12-14 20:37 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=10037.1575986929@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=dwmw2@infradead.org \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.