On Thu, 28 Sep 2017, Eric Biggers wrote: > From: Eric Biggers <[email protected]> > > In eCryptfs, we failed to verify that the authentication token keys are > not revoked before dereferencing their payloads, which is problematic > because the payload of a revoked key is NULL. request_key() *does* skip > revoked keys, but there is still a window where the key can be revoked > before we acquire the key semaphore. > > Fix it by updating ecryptfs_get_key_payload_data() to return > -EKEYREVOKED if the key payload is NULL. For completeness we check this > for "encrypted" keys as well as "user" keys, although encrypted keys > cannot be revoked currently. > > Alternatively we could use key_validate(), but since we'll also need to > fix ecryptfs_get_key_payload_data() to validate the payload length, it > seems appropriate to just check the payload pointer. > > Fixes: 237fead61998 ("[PATCH] ecryptfs: fs/Makefile and fs/Kconfig") > Cc: <[email protected]> [v2.6.19+] > Signed-off-by: Eric Biggers <[email protected]>
(A further cleanup might add some inline accessor functions for key data, but it's not necessary now). Reviewed-by: James Morris <[email protected]> -- James Morris <[email protected]> -- Linux-cachefs mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-cachefs
