git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	Eric Biggers <ebiggers@google.com>
	Mon, 9 Oct 2017 19:37:49 +0000 (12:37 -0700)
committer	Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
	Thu, 16 Nov 2017 13:23:14 +0000 (11:23 -0200)
commit	3e8fc1cae9ce18a0fa1a3815b85f6f35d62bdcc4
tree	33433275aeea6135f80f10123d780d35967d6eb9	tree
parent	e00a8cf63f1c5e529c4d2506786de58b62e48fd9	commit \| diff

KEYS: encrypted: fix dereference of NULL user_key_payload

BugLink: http://bugs.launchpad.net/bugs/1731951
commit 13923d0865ca96312197962522e88bc0aedccd74 upstream.

A key of type "encrypted" references a "master key" which is used to
encrypt and decrypt the encrypted key's payload. However, when we
accessed the master key's payload, we failed to handle the case where
the master key has been revoked, which sets the payload pointer to NULL.
Note that request_key() *does* skip revoked keys, but there is still a
window where the key can be revoked before we acquire its semaphore.

Fix it by checking for a NULL payload, treating it like a key which was
already revoked at the time it was requested.

This was an issue for master keys of type "user" only. Master keys can
also be of type "trusted", but those cannot be revoked.

Fixes: 7e70cb497850 ("keys: add new key-type encrypted")
Reviewed-by: James Morris <james.l.morris@oracle.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Safford <safford@us.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>