Re: [PATCH 1/2] crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

From: Lukas Wunner

Date: Sun Oct 12 2025 - 03:38:46 EST


On Tue, Oct 07, 2025 at 08:52:20PM +0200, Thorsten Blum wrote:
> +++ b/crypto/asymmetric_keys/asymmetric_type.c
> @@ -141,12 +142,13 @@ struct asymmetric_key_id *asymmetric_key_generate_id(const void *val_1,
> size_t len_2)
> {
> struct asymmetric_key_id *kid;
> + size_t len;
>
> - kid = kmalloc(sizeof(struct asymmetric_key_id) + len_1 + len_2,
> - GFP_KERNEL);
> + len = size_add(len_1, len_2);
> + kid = kmalloc(struct_size(kid, data, len), GFP_KERNEL);
> if (!kid)
> return ERR_PTR(-ENOMEM);
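Review bot: with `len = size_add(len_1, len_2);` an overflowing pair of lengths saturates to SIZE_MAX, and `struct_size(kid, data, len)` saturates again, so the only visible failure is `kmalloc()` returning NULL and the existing `return ERR_PTR(-ENOMEM);`, which leaves the caller unable to tell a hostile length from memory pressure. Consider `check_add_overflow(len_1, len_2, &len)` with an explicit `return ERR_PTR(-EOVERFLOW);` so the overflow is rejected as such, and note in the commit message that the lengths can come from an unbounded ASN.1 INTEGER such as the X.509 serial number.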

This should error out on overflow, rather than continuing with a
SIZE_MAX length. So how about using check_add_overflow() instead
of size_add() and returning -EOVERFLOW if that returns true?

asymmetric_key_generate_id() is invoked, among other things, with
the raw serial number from the X.509 certificate, which is an
ASN.1 INTEGER, which can be arbitrarily large. (You may want to
mention that in the commit message.) So checking for overflows
does seem to make sense to guard against maliciously crafted
certificates.

Thanks,

Lukas
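As an added example (not part of the patch or of this reply), a user-space model of the two strategies discussed above: the saturating size_add() that turns an overflow into a SIZE_MAX allocation request, and the check_add_overflow() alternative that rejects it with -EOVERFLOW. The kernel helpers are stood in for with __builtin_add_overflow(), and the struct layout is simplified; both are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for the kernel's struct asymmetric_key_id (assumed layout). */
struct asymmetric_key_id {
	size_t len;
	unsigned char data[];
};

/* Model of the saturating size_add(): an overflowing sum becomes SIZE_MAX,
 * which the allocator refuses, so the caller only ever sees an -ENOMEM path. */
static size_t model_size_add(size_t a, size_t b)
{
	size_t sum;

	return __builtin_add_overflow(a, b, &sum) ? SIZE_MAX : sum;
}

/* The alternative suggested in the reply: check_add_overflow() semantics
 * (modelled with __builtin_add_overflow) and an explicit -EOVERFLOW. */
static int generate_id_checked(const void *val_1, size_t len_1,
			       const void *val_2, size_t len_2,
			       struct asymmetric_key_id **out)
{
	struct asymmetric_key_id *kid;
	size_t len, total;

	if (__builtin_add_overflow(len_1, len_2, &len))
		return -EOVERFLOW;
	/* struct_size() equivalent: header plus flexible array, also checked. */
	if (__builtin_add_overflow(sizeof(*kid), len, &total))
		return -EOVERFLOW;
	kid = malloc(total);
	if (!kid)
		return -ENOMEM;
	kid->len = len;
	memcpy(kid->data, val_1, len_1);
	memcpy(kid->data + len_1, val_2, len_2);
	*out = kid;
	return 0;
}
```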