Re: [PATCH v3] crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

Next message: Steve Wahl: "[PATCH] tick/sched: Use trylock for jiffies updates by non-timekeeper CPUs"
Previous message: Mario Limonciello: "Re: [PATCH v2] x86/CPU/AMD: Prevent reset reasons from being retained among boots"
In reply to: Thorsten Blum: "[PATCH v3] crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Lukas Wunner

Date: Mon Oct 13 2025 - 11:39:24 EST

On Mon, Oct 13, 2025 at 01:40:10PM +0200, Thorsten Blum wrote:
> Use check_add_overflow() to guard against potential integer overflows
> when adding the binary blob lengths and the size of an asymmetric_key_id
> structure and return ERR_PTR(-EOVERFLOW) accordingly. This prevents a
> possible buffer overflow when copying data from potentially malicious
> X.509 certificate fields that can be arbitrarily large, such as ASN.1
> INTEGER serial numbers, issuer names, etc.
>
> Fixes: 7901c1a8effb ("KEYS: Implement binary asymmetric key ID handling")
> Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx>

Reviewed-by: Lukas Wunner <lukas@xxxxxxxxx>