linux/crypto/asymmetric_keys
Nicolai Stange e54358915d PKCS#7: pkcs7_validate_trust(): initialize the _trusted output argument
Despite what the DocBook comment to pkcs7_validate_trust() says, the
*_trusted argument is never set to false.

pkcs7_validate_trust() only positively sets *_trusted upon encountering
a trusted PKCS#7 SignedInfo block.

This is quite unfortunate since its callers, system_verify_data() for
example, depend on pkcs7_validate_trust() clearing *_trusted on non-trust.

Indeed, UBSAN splats when attempting to load the uninitialized local
variable 'trusted' from system_verify_data() in pkcs7_validate_trust():

  UBSAN: Undefined behaviour in crypto/asymmetric_keys/pkcs7_trust.c:194:14
  load of value 82 is not a valid value for type '_Bool'
  [...]
  Call Trace:
    [<ffffffff818c4d35>] dump_stack+0xbc/0x117
    [<ffffffff818c4c79>] ? _atomic_dec_and_lock+0x169/0x169
    [<ffffffff8194113b>] ubsan_epilogue+0xd/0x4e
    [<ffffffff819419fa>] __ubsan_handle_load_invalid_value+0x111/0x158
    [<ffffffff819418e9>] ? val_to_string.constprop.12+0xcf/0xcf
    [<ffffffff818334a4>] ? x509_request_asymmetric_key+0x114/0x370
    [<ffffffff814b83f0>] ? kfree+0x220/0x370
    [<ffffffff818312c2>] ? public_key_verify_signature_2+0x32/0x50
    [<ffffffff81835e04>] pkcs7_validate_trust+0x524/0x5f0
    [<ffffffff813c391a>] system_verify_data+0xca/0x170
    [<ffffffff813c3850>] ? top_trace_array+0x9b/0x9b
    [<ffffffff81510b29>] ? __vfs_read+0x279/0x3d0
    [<ffffffff8129372f>] mod_verify_sig+0x1ff/0x290
    [...]

The implication is that pkcs7_validate_trust() effectively grants trust
when it really shouldn't have.

Fix this by explicitly setting *_trusted to false at the very beginning
of pkcs7_validate_trust().

Cc: <stable@vger.kernel.org>
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-03-23 20:57:24 +08:00
..
.gitignore X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30
asymmetric_keys.h KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
asymmetric_type.c KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
Kconfig crypto: keys - Revert "convert public key to akcipher api" 2016-02-09 16:18:01 +08:00
Makefile crypto: keys - Revert "convert public key to akcipher api" 2016-02-09 16:18:01 +08:00
mscode_parser.c PKCS#7: Add OIDs for sha224, sha284 and sha512 hash algos and use them 2015-09-01 09:59:20 +10:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
pkcs7_key_type.c PKCS#7: Add MODULE_LICENSE() to test module 2015-08-13 02:51:33 +01:00
pkcs7_parser.c crypto: keys - Revert "convert public key to akcipher api" 2016-02-09 16:18:01 +08:00
pkcs7_parser.h PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
pkcs7_trust.c PKCS#7: pkcs7_validate_trust(): initialize the _trusted output argument 2016-03-23 20:57:24 +08:00
pkcs7_verify.c crypto: keys - Revert "convert public key to akcipher api" 2016-02-09 16:18:01 +08:00
pkcs7.asn1 PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
public_key.c crypto: keys - Revert "convert public key to akcipher api" 2016-02-09 16:18:01 +08:00
public_key.h crypto: keys - Revert "convert public key to akcipher api" 2016-02-09 16:18:01 +08:00
rsa.c crypto: keys - Revert "convert public key to akcipher api" 2016-02-09 16:18:01 +08:00
signature.c crypto: asymmetric_keys - signature.c does not need <module.h> 2015-12-11 22:55:19 +08:00
verify_pefile.c PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
verify_pefile.h pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
x509_akid.asn1 X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_cert_parser.c crypto: keys - Revert "convert public key to akcipher api" 2016-02-09 16:18:01 +08:00
x509_parser.h KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
x509_public_key.c crypto: keys - Revert "convert public key to akcipher api" 2016-02-09 16:18:01 +08:00
x509_rsakey.asn1 crypto: keys - Revert "convert public key to akcipher api" 2016-02-09 16:18:01 +08:00
x509.asn1 X.509: Add bits needed for PKCS#7 2014-07-01 16:40:19 +01:00