rxrpc: Don't leak the service-side session key to userspace
Don't let someone reading a service-side rxrpc-type key get access to the session key that was exchanged with the client. The server application will, at some point, need to be able to read the information in the ticket, but this probably shouldn't include the key material. Signed-off-by: David Howells <dhowells@redhat.com>
This commit is contained in:
parent
12da59fcab
commit
d2ae4e9182
|
@ -36,6 +36,7 @@ struct rxkad_key {
|
|||
*/
|
||||
struct rxrpc_key_token {
|
||||
u16 security_index; /* RxRPC header security index */
|
||||
bool no_leak_key; /* Don't copy the key to userspace */
|
||||
struct rxrpc_key_token *next; /* the next token in the list */
|
||||
union {
|
||||
struct rxkad_key *kad;
|
||||
|
|
|
@ -579,7 +579,8 @@ static long rxrpc_read(const struct key *key,
|
|||
case RXRPC_SECURITY_RXKAD:
|
||||
toksize += 8 * 4; /* viceid, kvno, key*2, begin,
|
||||
* end, primary, tktlen */
|
||||
toksize += RND(token->kad->ticket_len);
|
||||
if (!token->no_leak_key)
|
||||
toksize += RND(token->kad->ticket_len);
|
||||
break;
|
||||
|
||||
default: /* we have a ticket we can't encode */
|
||||
|
@ -654,7 +655,10 @@ static long rxrpc_read(const struct key *key,
|
|||
ENCODE(token->kad->start);
|
||||
ENCODE(token->kad->expiry);
|
||||
ENCODE(token->kad->primary_flag);
|
||||
ENCODE_DATA(token->kad->ticket_len, token->kad->ticket);
|
||||
if (token->no_leak_key)
|
||||
ENCODE(0);
|
||||
else
|
||||
ENCODE_DATA(token->kad->ticket_len, token->kad->ticket);
|
||||
break;
|
||||
|
||||
default:
|
||||
|
|
Loading…
Reference in New Issue