Keyrings fixes
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUAVBhlXROxKuMESys7AQIQghAAmxHRD9kD7AJrlcL187gTXl5dRyxQNhX0 myT9A1/01jHJh6mPPKS5jt5ooenwfcbvBkdUARLNLq6j7urIzFk+UtSmfcN1OMXw 3y15nuJKbSCZRzPMR94Z0Ik23YED9dmc4ubxW7E+psoWWIZUvFt4GaGw7ei77O39 8Pbt/n7nIx2+s8aiXte2Om/zqzyMEmcLd3Mzlqxe4GX1jo/ThNQZ348EL+ECxJEl 3OKe7i7oRfa48+SybmhW5Bx/2f/aQMcIQX04+akOFMIC505rUg6CTzphcrTyV5/s 6FdQexRquf8/Ei/6DMAYPhnumRfWJ5x9txiNSEY4i11AIjo6Bt65vaLPuNniYRNI b6Wn8SSE8Ucrq5RrmNlSmoJCs7r1NE+JdOaEPO0MDVkOouaja8daISmveV2AfZfF bITOQgEw3QRpyL2FYdwa39/NXCONBILfL5HvNyXEfPEHBhI8igTgEyXYRwNHV9jT dsVFTc9ZIrjksLt3CDh4Z8xdyZbyojYdRCfH/wna9aAkZpwwGfSYCcR3dE6SK26y IjkqEVJoCFHEnvLUQkAQrc/2qWX2D1qHrcjVLwzwbM5G66YIPeLcJlZK2FbiY0Ay Yc/kUJY0hU5W+TfFb1hhjO5G2DTTw8Ou6MGcxSTE3HwzqICjDhE7BwFZdVikHRP0 xMtjfJnMwuM= =v+dv -----END PGP SIGNATURE----- Merge tag 'keys-fixes-20140916' into keys-next Merge in keyrings fixes, at least some of which later patches depend on: (1) Reinstate the production of EPERM for key types beginning with '.' in requests from userspace. (2) Tidy up the cleanup of PKCS#7 message signed information blocks and fix a bug this made more obvious. Signed-off-by: David Howells <dhowells@redhat.coM>
commit
68c45c7fea
@ -31,6 +31,18 @@ struct pkcs7_parse_context {
|
|||||||
unsigned sinfo_index;
|
unsigned sinfo_index;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Free a signed information block.
|
||||||
|
*/
|
||||||
|
static void pkcs7_free_signed_info(struct pkcs7_signed_info *sinfo)
|
||||||
|
{
|
||||||
|
if (sinfo) {
|
||||||
|
mpi_free(sinfo->sig.mpi[0]);
|
||||||
|
kfree(sinfo->sig.digest);
|
||||||
|
kfree(sinfo);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* pkcs7_free_message - Free a PKCS#7 message
|
* pkcs7_free_message - Free a PKCS#7 message
|
||||||
* @pkcs7: The PKCS#7 message to free
|
* @pkcs7: The PKCS#7 message to free
|
||||||
@ -54,9 +66,7 @@ void pkcs7_free_message(struct pkcs7_message *pkcs7)
|
|||||||
while (pkcs7->signed_infos) {
|
while (pkcs7->signed_infos) {
|
||||||
sinfo = pkcs7->signed_infos;
|
sinfo = pkcs7->signed_infos;
|
||||||
pkcs7->signed_infos = sinfo->next;
|
pkcs7->signed_infos = sinfo->next;
|
||||||
mpi_free(sinfo->sig.mpi[0]);
|
pkcs7_free_signed_info(sinfo);
|
||||||
kfree(sinfo->sig.digest);
|
|
||||||
kfree(sinfo);
|
|
||||||
}
|
}
|
||||||
kfree(pkcs7);
|
kfree(pkcs7);
|
||||||
}
|
}
|
||||||
@ -71,51 +81,46 @@ EXPORT_SYMBOL_GPL(pkcs7_free_message);
|
|||||||
struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
|
struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
|
||||||
{
|
{
|
||||||
struct pkcs7_parse_context *ctx;
|
struct pkcs7_parse_context *ctx;
|
||||||
struct pkcs7_message *msg;
|
struct pkcs7_message *msg = ERR_PTR(-ENOMEM);
|
||||||
long ret;
|
int ret;
|
||||||
|
|
||||||
ret = -ENOMEM;
|
|
||||||
msg = kzalloc(sizeof(struct pkcs7_message), GFP_KERNEL);
|
|
||||||
if (!msg)
|
|
||||||
goto error_no_sig;
|
|
||||||
ctx = kzalloc(sizeof(struct pkcs7_parse_context), GFP_KERNEL);
|
ctx = kzalloc(sizeof(struct pkcs7_parse_context), GFP_KERNEL);
|
||||||
if (!ctx)
|
if (!ctx)
|
||||||
goto error_no_ctx;
|
goto out_no_ctx;
|
||||||
|
ctx->msg = kzalloc(sizeof(struct pkcs7_message), GFP_KERNEL);
|
||||||
|
if (!ctx->msg)
|
||||||
|
goto out_no_msg;
|
||||||
ctx->sinfo = kzalloc(sizeof(struct pkcs7_signed_info), GFP_KERNEL);
|
ctx->sinfo = kzalloc(sizeof(struct pkcs7_signed_info), GFP_KERNEL);
|
||||||
if (!ctx->sinfo)
|
if (!ctx->sinfo)
|
||||||
goto error_no_sinfo;
|
goto out_no_sinfo;
|
||||||
|
|
||||||
ctx->msg = msg;
|
|
||||||
ctx->data = (unsigned long)data;
|
ctx->data = (unsigned long)data;
|
||||||
ctx->ppcerts = &ctx->certs;
|
ctx->ppcerts = &ctx->certs;
|
||||||
ctx->ppsinfo = &ctx->msg->signed_infos;
|
ctx->ppsinfo = &ctx->msg->signed_infos;
|
||||||
|
|
||||||
/* Attempt to decode the signature */
|
/* Attempt to decode the signature */
|
||||||
ret = asn1_ber_decoder(&pkcs7_decoder, ctx, data, datalen);
|
ret = asn1_ber_decoder(&pkcs7_decoder, ctx, data, datalen);
|
||||||
if (ret < 0)
|
if (ret < 0) {
|
||||||
goto error_decode;
|
msg = ERR_PTR(ret);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
msg = ctx->msg;
|
||||||
|
ctx->msg = NULL;
|
||||||
|
|
||||||
|
out:
|
||||||
while (ctx->certs) {
|
while (ctx->certs) {
|
||||||
struct x509_certificate *cert = ctx->certs;
|
struct x509_certificate *cert = ctx->certs;
|
||||||
ctx->certs = cert->next;
|
ctx->certs = cert->next;
|
||||||
x509_free_certificate(cert);
|
x509_free_certificate(cert);
|
||||||
}
|
}
|
||||||
mpi_free(ctx->sinfo->sig.mpi[0]);
|
pkcs7_free_signed_info(ctx->sinfo);
|
||||||
kfree(ctx->sinfo->sig.digest);
|
out_no_sinfo:
|
||||||
kfree(ctx->sinfo);
|
pkcs7_free_message(ctx->msg);
|
||||||
|
out_no_msg:
|
||||||
kfree(ctx);
|
kfree(ctx);
|
||||||
|
out_no_ctx:
|
||||||
return msg;
|
return msg;
|
||||||
|
|
||||||
error_decode:
|
|
||||||
mpi_free(ctx->sinfo->sig.mpi[0]);
|
|
||||||
kfree(ctx->sinfo->sig.digest);
|
|
||||||
kfree(ctx->sinfo);
|
|
||||||
error_no_sinfo:
|
|
||||||
kfree(ctx);
|
|
||||||
error_no_ctx:
|
|
||||||
pkcs7_free_message(msg);
|
|
||||||
error_no_sig:
|
|
||||||
return ERR_PTR(ret);
|
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(pkcs7_parse_message);
|
EXPORT_SYMBOL_GPL(pkcs7_parse_message);
|
||||||
|
|
||||||
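Review bot: In pkcs7_parse_message the success path falls through the `out:` label right after `ctx->msg = NULL;`, so `pkcs7_free_message(ctx->msg)` runs with a NULL argument on every successful parse. That is only safe if pkcs7_free_message tolerates NULL, and its opening lines are outside the hunks shown here, where only the `while (pkcs7->signed_infos)` loop is visible. A comment at the hand-over would make the ownership transfer explicit, e.g. `/* Ownership passes to the caller; clear ctx->msg so the shared cleanup below does not free it */`. The new pkcs7_free_signed_info helper has its own `if (sinfo)` guard, which the shared cleanup presumably also relies on if the decoder can fail with ctx->sinfo left NULL; the decoder callbacks are not shown, so this should be confirmed.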
|
@ -37,6 +37,8 @@ static int key_get_type_from_user(char *type,
|
|||||||
return ret;
|
return ret;
|
||||||
if (ret == 0 || ret >= len)
|
if (ret == 0 || ret >= len)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
if (type[0] == '.')
|
||||||
|
return -EPERM;
|
||||||
type[len - 1] = '\0';
|
type[len - 1] = '\0';
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
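Review bot: The new `type[0] == '.'` test in key_get_type_from_user has no comment, and the reason it returns -EPERM rather than -EINVAL is given only in the merge description. I would add `/* Userspace may not request key types whose names begin with '.' */` above the check. The test covers only request paths that obtain the type name through this helper, so any path that copies a type name from userspace by other means would need the same refusal. The callers and the start of this function are outside the hunk.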
|