diff options
author | Roman Smirnov <r.smirnov@omp.ru> | 2024-09-17 18:54:53 +0300 |
---|---|---|
committer | Jarkko Sakkinen <jarkko@kernel.org> | 2024-09-20 19:49:49 +0300 |
commit | 70fd1966c93bf3bfe3fe6d753eb3d83a76597eef (patch) | |
tree | e6699a352b086e3ec2d27b79947f4fb02076f88f | |
parent | 652bfcb76fe689f4d85b6f3688025a87fb94f9a1 (diff) | |
download | lwn-70fd1966c93bf3bfe3fe6d753eb3d83a76597eef.tar.gz lwn-70fd1966c93bf3bfe3fe6d753eb3d83a76597eef.zip |
KEYS: prevent NULL pointer dereference in find_asymmetric_key()
In find_asymmetric_key(), if all NULLs are passed in the id_{0,1,2}
arguments, the kernel will first emit WARN but then have an oops
because id_2 gets dereferenced anyway.
Add the missing id_2 check and move WARN_ON() to the final else branch
to avoid duplicate NULL checks.
Found by Linux Verification Center (linuxtesting.org) with Svace static
analysis tool.
Cc: stable@vger.kernel.org # v5.17+
Fixes: 7d30198ee24f ("keys: X.509 public key issuer lookup without AKID")
Suggested-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
-rw-r--r-- | crypto/asymmetric_keys/asymmetric_type.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index a5da8ccd353e..43af5fa510c0 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c @@ -60,17 +60,18 @@ struct key *find_asymmetric_key(struct key *keyring, char *req, *p; int len; - WARN_ON(!id_0 && !id_1 && !id_2); - if (id_0) { lookup = id_0->data; len = id_0->len; } else if (id_1) { lookup = id_1->data; len = id_1->len; - } else { + } else if (id_2) { lookup = id_2->data; len = id_2->len; + } else { + WARN_ON(1); + return ERR_PTR(-EINVAL); } /* Construct an identifier "id:<keyid>". */ |