From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>,
Sasha Levin <sashal@kernel.org>,
linux-afs@lists.infradead.org, keyrings@vger.kernel.org,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 32/66] rxrpc: Don't leak the service-side session key to userspace
Date: Tue, 22 Dec 2020 21:22:18 -0500 [thread overview]
Message-ID: <20201223022253.2793452-32-sashal@kernel.org> (raw)
In-Reply-To: <20201223022253.2793452-1-sashal@kernel.org>
From: David Howells <dhowells@redhat.com>
[ Upstream commit d2ae4e918218f543214fbd906db68a6c580efbbb ]
Don't let someone reading a service-side rxrpc-type key get access to the
session key that was exchanged with the client. The server application
will, at some point, need to be able to read the information in the ticket,
but this probably shouldn't include the key material.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/keys/rxrpc-type.h | 1 +
net/rxrpc/key.c | 8 ++++++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h
index 8cf829dbf20ec..1cb996dac3238 100644
--- a/include/keys/rxrpc-type.h
+++ b/include/keys/rxrpc-type.h
@@ -88,6 +88,7 @@ struct rxk5_key {
*/
struct rxrpc_key_token {
u16 security_index; /* RxRPC header security index */
+ bool no_leak_key; /* Don't copy the key to userspace */
struct rxrpc_key_token *next; /* the next token in the list */
union {
struct rxkad_key *kad;
diff --git a/net/rxrpc/key.c b/net/rxrpc/key.c
index 2fe2add62a8ed..dd8a12847b712 100644
--- a/net/rxrpc/key.c
+++ b/net/rxrpc/key.c
@@ -1077,7 +1077,8 @@ static long rxrpc_read(const struct key *key,
case RXRPC_SECURITY_RXKAD:
toksize += 8 * 4; /* viceid, kvno, key*2, begin,
* end, primary, tktlen */
- toksize += RND(token->kad->ticket_len);
+ if (!token->no_leak_key)
+ toksize += RND(token->kad->ticket_len);
break;
case RXRPC_SECURITY_RXK5:
@@ -1181,7 +1182,10 @@ static long rxrpc_read(const struct key *key,
ENCODE(token->kad->start);
ENCODE(token->kad->expiry);
ENCODE(token->kad->primary_flag);
- ENCODE_DATA(token->kad->ticket_len, token->kad->ticket);
+ if (token->no_leak_key)
+ ENCODE(0);
+ else
+ ENCODE_DATA(token->kad->ticket_len, token->kad->ticket);
break;
case RXRPC_SECURITY_RXK5:
--
2.27.0
next prev parent reply other threads:[~2020-12-23 2:40 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20201223022253.2793452-1-sashal@kernel.org>
2020-12-23 2:21 ` [PATCH AUTOSEL 4.14 04/66] staging: wimax: depends on NET Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 16/66] Bluetooth: hidp: use correct wait queue when removing ctrl_wait Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 17/66] net: skb_vlan_untag(): don't reset transport offset if set by GRO layer Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 18/66] mwifiex: pcie: skip cancel_work_sync() on reset failure path Sasha Levin
2020-12-23 2:22 ` Sasha Levin [this message]
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 39/66] brcmsmac: ampdu: Check BA window size before checking block ack Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 40/66] hv_netvsc: Validate number of allocated sub-channels Sasha Levin
2020-12-23 2:47 ` Michael Kelley
2020-12-23 8:59 ` Andrea Parri
2020-12-23 14:14 ` Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 45/66] net/lapb: fix t1 timer handling for LAPB_STATE_0 Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 48/66] bridge: switchdev: Notify about VLAN protocol changes Sasha Levin
2020-12-23 15:31 ` Vladimir Oltean
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 53/66] mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 55/66] iwlwifi: trans: consider firmware dead after errors Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 56/66] iwlwifi: add an extra firmware state in the transport Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 59/66] nl80211: always accept scan request with the duration set Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 60/66] cfg80211: Save the regulatory domain when setting custom regulatory Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 61/66] mac80211: disallow band-switch during CSA Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 62/66] mac80211: Fix calculation of minimal channel width Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 63/66] mac80211: don't filter out beacons once we start CSA Sasha Levin
2020-12-23 2:22 ` [PATCH AUTOSEL 4.14 64/66] mac80211: Update rate control on channel change Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201223022253.2793452-32-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=dhowells@redhat.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-afs@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).