author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-26 08:44:15 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-06-26 08:44:15 -0700 |
commit | 813835028e9ae1f18cd11bb0ec591d0f0577d96a (patch) | |
tree | 5c91429f5cb9f0615ca8dbf2406984583ec27deb | |
parent | 84bfed40fc25dd052620398fdcc19d8c77f02270 (diff) | |
parent | b65c32ec5a942ab3ada93a048089a938918aba7f (diff) | |
Merge branch 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem fixes from James Morris:
- Smack: fix a regression caused by 1bbc55131e5
- X.509: fix a (usually un-seen) bug in RSA signature parsing
* 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
X.509: unpack RSA signatureValue field from BIT STRING
Smack: Mark inode instant in smack_task_to_inode
-rw-r--r-- | crypto/asymmetric_keys/x509_cert_parser.c | 9 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 1 |
2 files changed, 10 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 7d81e6bb461a..b6cabac4b62b 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -249,6 +249,15 @@ int x509_note_signature(void *context, size_t hdrlen,
 return -EINVAL;
 }
+ if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) {
+ /* Discard the BIT STRING metadata */
+ if (vlen < 1 || *(const u8 *)value != 0)
+ return -EBADMSG;
+
+ value++;
+ vlen--;
+ }
+
 ctx->cert->raw_sig = value;
 ctx->cert->raw_sig_size = vlen;
 return 0;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 7ad226018f51..19de675d4504 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2296,6 +2296,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
 struct smack_known *skp = smk_of_task_struct(p);
 isp->smk_inode = skp;
+ isp->smk_flags |= SMK_INODE_INSTANT;
 }
 /* |
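Review bot: The comment `/* Discard the BIT STRING metadata */` in the added `rsa` branch does not say what the discarded octet is or why a non-zero value fails with -EBADMSG. I would spell it out: `/* signatureValue is a BIT STRING; its first octet is the unused-bits count, which must be 0 for an RSA signature */`. Note also that `vlen == 1` passes the guard and leaves `raw_sig_size` at 0, so this path relies on the signature verification code, which is not visible here, rejecting an empty signature. x509_note_signature starts before the hunk.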
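Review bot: The added `isp->smk_flags |= SMK_INODE_INSTANT;` in smack_task_to_inode carries no comment saying why a task-derived label must be marked instant. A line such as `/* label comes from the task: mark it instant so it is not recomputed later */` would record the intent; the "not recomputed" wording is my reading of the flag name and the regression note in the merge message and should be confirmed. The `|=` is also a plain read-modify-write on `smk_flags`, and whether callers hold a lock that covers it is not visible in the hunk. The function's opening lines lie outside the hunk.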