Eric Lee / smarc-fsl-linux-kernel

25 Feb, 2018

1 commit

  • f2f12ea19   509: fix printing uninitialized stack memory when OID is empty ... Browse Code »

    [ Upstream commit 8dfd2f22d3bf3ab7714f7495ad5d897b8845e8c1 ]

    Callers of sprint_oid() do not check its return value before printing
    the result. In the case where the OID is zero-length, -EBADMSG was
    being returned without anything being written to the buffer, resulting
    in uninitialized stack memory being printed. Fix this by writing
    "(bad)" to the buffer in the cases where -EBADMSG is returned.

    Fixes: 4f73175d0375 ("X.509: Add utility functions to render OIDs as strings")
    Signed-off-by: Eric Biggers
    Signed-off-by: David Howells
    Signed-off-by: Sasha Levin
    Signed-off-by: Greg Kroah-Hartman

    Eric Biggers
     

09 Sep, 2017

1 commit

  • afdb05e9d   lib/oid_registry.c: X.509: fix the buffer overflow in the utility function for OID string ... Browse Code »

    The sprint_oid() utility function doesn't properly check the buffer size
    that it causes that the warning in vsnprintf() be triggered. For
    example on v4.1 kernel:

    ------------[ cut here ]------------
    WARNING: CPU: 0 PID: 2357 at lib/vsprintf.c:1867 vsnprintf+0x5a7/0x5c0()
    ...

    We can trigger this issue by injecting maliciously crafted x509 cert in
    DER format. Just using hex editor to change the length of OID to over
    the length of the SEQUENCE container. For example:

    0:d=0 hl=4 l= 980 cons: SEQUENCE
    4:d=1 hl=4 l= 700 cons: SEQUENCE
    8:d=2 hl=2 l= 3 cons: cont [ 0 ]
    10:d=3 hl=2 l= 1 prim: INTEGER :02
    13:d=2 hl=2 l= 9 prim: INTEGER :9B47FAF791E7D1E3
    24:d=2 hl=2 l= 13 cons: SEQUENCE
    26:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
    37:d=3 hl=2 l= 0 prim: NULL
    39:d=2 hl=2 l= 121 cons: SEQUENCE
    41:d=3 hl=2 l= 22 cons: SET
    43:d=4 hl=2 l= 20 cons: SEQUENCE
    Signed-off-by: "Lee, Chun-Yi"
    Reported-by: Pawel Wieczorkiewicz
    Cc: David Howells
    Cc: Rusty Russell
    Cc: Pawel Wieczorkiewicz
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Takashi Iwai
     

06 May, 2013

1 commit

08 Oct, 2012

2 commits

  • 4f73175d0   X.509: Add utility functions to render OIDs as strings ... Browse Code »

    Add a pair of utility functions to render OIDs as strings. The first takes an
    encoded OID and turns it into a "a.b.c.d" form string:

    int sprint_oid(const void *data, size_t datasize,
    char *buffer, size_t bufsize);

    The second takes an OID enum index and calls the first on the data held
    therein:

    int sprint_OID(enum OID oid, char *buffer, size_t bufsize);

    Signed-off-by: David Howells
    Signed-off-by: Rusty Russell

    David Howells
     
  • a77ad6ea0   X.509: Implement simple static OID registry ... Browse Code »

    Implement a simple static OID registry that allows the mapping of an encoded
    OID to an enum value for ease of use.

    The OID registry index enum appears in the:

    linux/oid_registry.h

    header file. A script generates the registry from lines in the header file
    that look like:

    OID_foo,/*1.2.3.4*/

    The actual OID is taken to be represented by the numbers with interpolated
    dots in the comment.

    All other lines in the header are ignored.

    The registry is queries by calling:

    OID look_up_oid(const void *data, size_t datasize);

    This returns a number from the registry enum representing the OID if found or
    OID__NR if not.

    Signed-off-by: David Howells
    Signed-off-by: Rusty Russell

    David Howells