From: Ondrej Kozina <okozina@redhat.com>
To: dm-devel@redhat.com
Cc: dhowells@redhat.com, aryabinin@virtuozzo.com,
mpatocka@redhat.com, snitzer@redhat.com, mbroz@redhat.com
Subject: [PATCH] dm-crypt: check key payload pointer not null
Date: Wed, 23 Nov 2016 21:51:17 +0100 [thread overview]
Message-ID: <1479934277-14913-1-git-send-email-okozina@redhat.com> (raw)
In-Reply-To: <20161121154049.GA13248@redhat.com>
Hi Mike,
those are fixes for latest version (including your cleanup patch). I've fixed one
awkward bug the rest is based on David's sugestions he gave me earlier today.
David, may I also kindly ask you for oficial 'Reviewed-by' stamp provided
it's correct now (with regard to kernel keyring bits)?
bugfix: harden checks for 'user' or 'logon' keywords in key_string (it allowed
to pass with :logo:... or "use:...)
bugfix: we have to check user_key_payload reference after rcu_read_lock().
Otherwise keys revoked between request_key() and rcu_read_lock() calls would
return NULL pointer.
improvement: calling key_validate() right after request_key() is
useless. Exactly same check is performed inside request_key()
routine.
improvement: do not check the whole key_type string again. We already know
it's either 'logon' or 'user'. Read just first char.
---
drivers/md/dm-crypt.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index c6ff083..78ab5e8 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -1501,31 +1501,31 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
if (!key_desc || key_desc == key_string || !strlen(key_desc + 1))
return -EINVAL;
- if (strncmp(key_string, "logon", key_desc - key_string) &&
- strncmp(key_string, "user", key_desc - key_string))
+ if (strncmp(key_string, "logon:", key_desc - key_string + 1) &&
+ strncmp(key_string, "user:", key_desc - key_string + 1))
return -EINVAL;
new_key_string = kstrdup(key_string, GFP_KERNEL);
if (!new_key_string)
return -ENOMEM;
- key = request_key(strncmp(key_string, "user", 4) ? &key_type_logon : &key_type_user,
+ key = request_key(key_string[0] == 'l' ? &key_type_logon : &key_type_user,
key_desc + 1, NULL);
if (IS_ERR(key)) {
kzfree(new_key_string);
return PTR_ERR(key);
}
- ret = key_validate(key);
- if (ret < 0) {
+ rcu_read_lock();
+
+ ukp = user_key_payload(key);
+ if (!ukp) {
+ rcu_read_unlock();
key_put(key);
kzfree(new_key_string);
- return ret;
+ return -EKEYREVOKED;
}
- rcu_read_lock();
-
- ukp = user_key_payload(key);
if (cc->key_size != ukp->datalen) {
rcu_read_unlock();
key_put(key);
--
2.7.4
next prev parent reply other threads:[~2016-11-23 20:51 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-09 13:56 [RFC] dm-crypt: add ability to use keys from the kernel key retention service Andrey Ryabinin
2016-08-10 11:16 ` Ondrej Kozina
2016-08-11 15:01 ` [dm-devel] " Andrey Ryabinin
2016-11-07 9:38 ` [PATCH 0/3] Modified kernel keyring support patch Ondrej Kozina
2016-11-07 9:38 ` [PATCH 1/3] dm-crypt: mark key as invalid until properly loaded Ondrej Kozina
2016-11-07 9:38 ` [PATCH 2/3] dm-crypt: add ability to use keys from the kernel key retention service Ondrej Kozina
2016-11-07 9:38 ` [PATCH 3/3] dm-crypt: modifications to previous patch Ondrej Kozina
2016-11-13 17:22 ` Milan Broz
2016-11-16 20:47 ` [PATCH v2] dm-crypt: add ability to use keys from the kernel key retention service Ondrej Kozina
2016-11-17 16:35 ` Andrey Ryabinin
2016-11-17 19:31 ` Milan Broz
2016-11-17 20:06 ` Ondrej Kozina
2016-11-18 16:55 ` Andrey Ryabinin
2016-11-21 12:23 ` Ondrej Kozina
2016-12-01 17:20 ` [PATCH] dm-crypt: reject key strings containing whitespace chars Ondrej Kozina
2016-11-21 14:58 ` [PATCH v3] dm-crypt: add ability to use keys from the kernel key retention service Ondrej Kozina
2016-11-21 15:40 ` Mike Snitzer
2016-11-23 20:51 ` Ondrej Kozina [this message]
2016-11-24 9:28 ` [PATCH] dm-crypt: check key payload pointer not null David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1479934277-14913-1-git-send-email-okozina@redhat.com \
--to=okozina@redhat.com \
--cc=aryabinin@virtuozzo.com \
--cc=dhowells@redhat.com \
--cc=dm-devel@redhat.com \
--cc=mbroz@redhat.com \
--cc=mpatocka@redhat.com \
--cc=snitzer@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).