linux/security/keys
Linus Torvalds 94c13f66e1 security: don't use a negative Opt_err token index
The code uses a bitmap to check for duplicate tokens during parsing, and
that doesn't work at all for the negative Opt_err token case.

There is absolutely no reason to make Opt_err be negative, and in fact
it only confuses things, since some of the affected functions actually
return a positive Opt_xyz enum _or_ a regular negative error code (eg
-EINVAL), and using -1 for Opt_err makes no sense.

There are similar problems in ima_policy.c and key encryption, but they
don't have the immediate bug wrt bitmap handing, and ima_policy.c in
particular needs a different patch to make the enum values match the
token array index.  Mimi is sending that separately.

Reported-by: syzbot+a22e0dc07567662c50bc@syzkaller.appspotmail.com
Reported-by: Eric Biggers <ebiggers@kernel.org>
Fixes: 5208cc8342 ("keys, trusted: fix: *do not* allow duplicate key options")
Fixes: 00d60fd3b9 ("KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2]")
Cc: James Morris James Morris <jmorris@namei.org>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-12-17 16:21:48 -08:00
..
encrypted-keys License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig security/keys: BIG_KEY requires CONFIG_CRYPTO 2017-10-18 09:12:40 +01:00
Makefile KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2] 2018-10-26 09:30:46 +01:00
big_key.c big key: get rid of stack array allocation 2018-05-11 13:07:45 -07:00
compat.c KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2] 2018-10-26 09:30:46 +01:00
compat_dh.c KEYS: DH: validate __spare field 2017-07-14 11:01:38 +10:00
dh.c Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name" 2018-09-25 13:28:58 +02:00
gc.c Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
internal.h KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2] 2018-10-26 09:30:46 +01:00
key.c security: keys: remove redundant assignment to key_ref 2017-12-08 15:13:29 +00:00
keyctl.c KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2] 2018-10-26 09:30:46 +01:00
keyctl_pkey.c security: don't use a negative Opt_err token index 2018-12-17 16:21:48 -08:00
keyring.c keyring: Remove now-redundant smp_read_barrier_depends() 2017-12-04 10:53:14 -08:00
permission.c security: keys: Replace time_t/timespec with time64_t 2017-11-15 16:38:45 +00:00
persistent.c sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
proc.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
process_keys.c security: keys: Replace time_t/timespec with time64_t 2017-11-15 16:38:45 +00:00
request_key.c KEYS: add missing permission check for request_key() destination 2017-12-08 15:13:27 +00:00
request_key_auth.c KEYS: Fix race between updating and finding a negative key 2017-10-18 09:12:40 +01:00
sysctl.c security: Convert use of typedef ctl_table to struct ctl_table 2014-04-15 13:39:58 +10:00
trusted.c security: don't use a negative Opt_err token index 2018-12-17 16:21:48 -08:00
user_defined.c KEYS: Fix race between updating and finding a negative key 2017-10-18 09:12:40 +01:00