a7y18lte-ubports/android_kernel_samsung_universal7885
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
abda3469c3
android_kernel_samsung_univ.../security/keys
History
Eric Biggers 33813d43dd KEYS: encrypted: fix buffer overread in valid_master_desc() 
commit 794b4bc292f5d31739d89c0202c54e7dc9bc3add upstream.

With the 'encrypted' key type it was possible for userspace to provide a
data blob ending with a master key description shorter than expected,
e.g. 'keyctl add encrypted desc "new x" @s'.  When validating such a
master key description, validate_master_desc() could read beyond the end
of the buffer.  Fix this by using strncmp() instead of memcmp().  [Also
clean up the code to deduplicate some logic.]

Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-16 20:09:38 +01:00
..
encrypted-keys KEYS: encrypted: fix buffer overread in valid_master_desc() 2018-02-16 20:09:38 +01:00
big_key.c
compat.c
gc.c
internal.h
Kconfig security/keys: add CONFIG_KEYS_COMPAT to Kconfig 2017-11-18 11:11:07 +01:00
key.c
keyctl.c
keyring.c KEYS: return full count in keyring_read() if buffer is too small 2017-11-08 10:06:27 +01:00
Makefile
permission.c
persistent.c
proc.c
process_keys.c
request_key_auth.c
request_key.c KEYS: add missing permission check for request_key() destination 2017-12-20 10:04:52 +01:00
sysctl.c
trusted.c KEYS: trusted: fix writing past end of buffer in trusted_read() 2017-11-15 17:13:11 +01:00
trusted.h
user_defined.c