Re: [PATCH 2/3] trusted-keys: check hex2bin result
From: Mimi Zohar
Date: Tue Sep 20 2011 - 10:25:23 EST
On Tue, 2011-09-20 at 16:57 +0300, Andy Shevchenko wrote:
> On Tue, Sep 20, 2011 at 4:15 PM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> > From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> >
> > For each hex2bin call in trusted keys, check that the ascii hex string is
> > valid. On failure, return -EINVAL.
> >
> > Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> > Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
> > ---
> > security/keys/trusted.c | 15 +++++++++++----
> > 1 files changed, 11 insertions(+), 4 deletions(-)
> >
> > diff --git a/security/keys/trusted.c b/security/keys/trusted.c
> > index 0c33e2e..9b847e1 100644
> > --- a/security/keys/trusted.c
> > +++ b/security/keys/trusted.c
> > @@ -779,7 +779,9 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> > opt->pcrinfo_len = strlen(args[0].from) / 2;
> > if (opt->pcrinfo_len > MAX_PCRINFO_SIZE)
> > return -EINVAL;
> > - hex2bin(opt->pcrinfo, args[0].from, opt->pcrinfo_len);
> > + if (!hex2bin(opt->pcrinfo, args[0].from,
> > + opt->pcrinfo_len))
> > + return -EINVAL;
> if (hex2bin(...) < 0)
>
> Everywhere in Patch 2 and 3.
thanks,
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/