Re: [PATCH 00/29] Crypto keys and module signing [ver #4]

From: David Howells
Date: Fri May 11 2012 - 10:32:37 EST


Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:

> + int npkey = key->algo->n_pub_mpi;
> + int i, ret = -ENOMEM;
> +
> + kenter("");
> +
> + n = (pgp->version < PGP_KEY_VERSION_4) ? 8 : 6;
> + for (i = 0; i < npkey; i++) {
> + nb[i] = mpi_get_nbits(key->mpi[i]);
>
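Review bot: the loop indexes `nb[]` and `key->mpi[]` with `npkey`, a count read from `key->algo->n_pub_mpi`, and nothing in this hunk bounds it against the size of either array. Even with the algorithm table hard-coded, a cheap local guard such as `if (npkey > ARRAY_SIZE(key->mpi)) return -EINVAL;` (or a WARN_ON_ONCE) documents the invariant and turns a future table mistake into an error instead of an overrun of the on-stack `nb[]`.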
> Is key->algo->n_pub_mpi < ARRAY_SIZE(key->mpi) guaranteed?

Yes. It's hard-coded in the public_key_algorithm struct - for instance the
one to be found at the bottom of security/keys/crypto_rsa.c.

We also check for an excessive quantity of MPIs in pgp_process_public_key().

> + if( pgp->expires_at)
>
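Review bot: `if( pgp->expires_at)` has the space on the wrong side of the parenthesis; kernel style is `if (pgp->expires_at)`, which is what checkpatch.pl flags here.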
> checkpatch.pl

Fixed some of those.

> +error:
> + for (i = 0; i < npkey; i++)
> + kfree(pp[i]);
>
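Review bot: the `error:` path frees `pp[0..npkey)` unconditionally, so any `goto error` taken before every `pp[i]` has been assigned hands uninitialised stack pointers to kfree(). Since kfree(NULL) is a no-op, initialising the array up front (`= {}` in the declaration, or a memset() before the first failure point) makes this unwind safe without having to track how many entries were filled.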
> Stack memory may not be initialized.

Fair point.

> + hashedsz = 4 + 2 + (data[4] << 8) + data[5];
>
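Review bot: `hashedsz` is built from `data[4]` and `data[5]` with no check in this hunk that `datalen >= 6`, and nothing visible here confirms `hashedsz <= datalen` afterwards, so the function depends on earlier parsing having validated the buffer. Either re-check locally (`if (datalen < 6 || 4 + 2 + ((data[4] << 8) + data[5]) > datalen) return -EBADMSG;`) or add a comment naming the caller that guarantees the length, so the dependency survives a future refactoring.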
> Given the (datalen <= 2) check below, can we trust data[4,5] here?

We've already done some length and content checking on the signature data. In
the module verification case, this happens:

(1) module_verify_sig() has already passed the signature data to
verify_sig_begin(),

(2) which passed it to pgp_pkey_verify_sig_begin(),

(3) which invoked pgp_parse_packets(),

(4) which called back to pgp_pkey_parse_signature(),

(5) which then invoked pgp_parse_sig_params() which did sufficient length
checking to make sure we're okay here.

By the time we get to pgp_pkey_digest_signature() we're at the end of the
process (in verify_sig_end()).

The trailer, however, is not checked at that point - though I suppose it
probably should be. There isn't currently an MPI function to do just a check
rather than an extraction.

I can add comments to this effect if you think it would help reduce confusion.

> +static int module_verify_canonicalise(struct module_verify_data *mvdata)
> +{
> + const Elf_Shdr *sechdrs = mvdata->sections;
> + unsigned *canonlist, canon, loop, tmp;
> + bool changed;
> +
> + canonlist = kmalloc(sizeof(unsigned) * mvdata->nsects * 2, GFP_KERNEL);
> + if (!canonlist)
> + return -ENOMEM;
>
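Review bot: the allocation size `sizeof(unsigned) * mvdata->nsects * 2` is an unchecked multiplication; if `nsects` is bounded by an earlier ELF header check, that bound belongs in a comment next to this line, and `kcalloc(mvdata->nsects, 2 * sizeof(unsigned), GFP_KERNEL)` would give overflow-checked sizing (and zeroed memory) for free. A zero `nsects` also produces a zero-size request that returns ZERO_SIZE_PTR rather than NULL, which `!canonlist` does not catch, so reject `nsects == 0` explicitly if a module with no sections is not valid here.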
> Can mvdata->nsects == (UINT_MAX + 1) / (sizeof(unsigned) * 2) due to size_t?
> I think we want kmalloc() variant that does not return ZERO_SIZE_PTR.

This line should prevent that:

elfcheck(hdr->e_shnum < SHN_LORESERVE);

given:

#define SHN_LORESERVE 0xff00

Thanks for the thorough review!

David
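The length checking discussed above for the v4 signature header (the data[4]/data[5] hashed-subpacket count), as an added example in C that is not the patch's own code: every read is bounds-checked against datalen and a hashed area that overruns the buffer is rejected. The packet layout follows RFC 4880 section 5.2.3; the sample bytes and the error codes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Error codes (returned negated) for pgp_v4_hashed_len(). Constructed for
 * this example, not taken from the patch. */
enum { SIG_TOO_SHORT = 1, SIG_BAD_VERSION, SIG_HASHED_OVERRUN, SIG_UNHASHED_OVERRUN };

/* Validate the fixed part of an OpenPGP v4 signature packet body (RFC 4880
 * 5.2.3) in data[0..datalen) and return the number of bytes covered by the
 * hash: version, type, algorithms, the 2-byte count and the hashed subpackets.
 * Every index is checked against datalen before it is read, so data[4] and
 * data[5] are never touched on a short buffer. Returns -error on failure. */
long pgp_v4_hashed_len(const uint8_t *data, size_t datalen)
{
    size_t hashed_count, unhashed_count, off;

    if (datalen < 6)                   /* 4 header bytes + 2-byte count */
        return -SIG_TOO_SHORT;
    if (data[0] != 4)
        return -SIG_BAD_VERSION;

    hashed_count = ((size_t)data[4] << 8) | data[5];
    off = 6 + hashed_count;            /* at most 6 + 65535: no overflow */
    if (off > datalen)
        return -SIG_HASHED_OVERRUN;

    if (datalen - off < 2)             /* 2-byte unhashed count */
        return -SIG_TOO_SHORT;
    unhashed_count = ((size_t)data[off] << 8) | data[off + 1];
    off += 2;
    if (datalen - off < unhashed_count + 2)  /* subpackets + 2-byte hash prefix */
        return -SIG_UNHASHED_OVERRUN;

    return (long)(6 + hashed_count);   /* MPIs follow; checked separately */
}

/* Constructed sample: a minimal v4 RSA/SHA-256 signature body with one
 * 6-byte hashed subpacket, no unhashed subpackets and a placeholder MPI. */
const uint8_t sample_sig[] = {
    0x04,                               /* version 4 */
    0x00,                               /* signature type: binary document */
    0x01,                               /* public-key algorithm: RSA */
    0x08,                               /* hash algorithm: SHA-256 */
    0x00, 0x06,                         /* hashed subpacket data length */
    0x05, 0x02, 0x4f, 0xad, 0x12, 0x34, /* subpacket: len 5, creation time */
    0x00, 0x00,                         /* unhashed subpacket data length */
    0xab, 0xcd,                         /* left 16 bits of the hash */
    0x00, 0x08, 0x5a,                   /* MPI: 8 bits, placeholder value */
};
const size_t sample_sig_len = sizeof(sample_sig);
```

Truncating the same buffer at different lengths exercises each rejection path, which is the check the quoted hunk leaves to its callers.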