<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/git/stable/linux.git/security/keys/trusted.c, branch linux-3.2.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<id>https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/atom?h=linux-3.2.y</id>
<link rel='self' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/atom?h=linux-3.2.y'/>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/'/>
<updated>2018-01-01T20:51:01+00:00</updated>
<entry>
<title>KEYS: trusted: fix writing past end of buffer in trusted_read()</title>
<updated>2018-01-01T20:51:01+00:00</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@google.com</email>
</author>
<published>2017-11-02T00:47:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bc2acd699938b98ea7f903d67acce4a84d6b7fe8'/>
<id>urn:sha1:bc2acd699938b98ea7f903d67acce4a84d6b7fe8</id>
<content type='text'>
commit a3c812f7cfd80cf51e8f5b7034f7418f6beb56c1 upstream.

When calling keyctl_read() on a key of type "trusted", if the
user-supplied buffer was too small, the kernel ignored the buffer length
and just wrote past the end of the buffer, potentially corrupting
userspace memory.  Fix it by instead returning the size required, as per
the documentation for keyctl_read().

We also don't even fill the buffer at all in this case, as this is
slightly easier to implement than doing a short read, and either
behavior appears to be permitted.  It also makes it match the behavior
of the "encrypted" key type.

Fixes: d00a1c72f7f4 ("keys: add new trusted key-type")
Reported-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Reviewed-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
Reviewed-by: James Morris &lt;james.l.morris@oracle.com&gt;
Signed-off-by: James Morris &lt;james.l.morris@oracle.com&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
</entry>
<entry>
<title>KEYS: trusted: sanitize all key material</title>
<updated>2018-01-01T20:51:01+00:00</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@google.com</email>
</author>
<published>2017-06-08T13:49:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3c16f689b7430641cef4f216b0707c56184c114c'/>
<id>urn:sha1:3c16f689b7430641cef4f216b0707c56184c114c</id>
<content type='text'>
commit ee618b4619b72527aaed765f0f0b74072b281159 upstream.

As the previous patch did for encrypted-keys, zero sensitive any
potentially sensitive data related to the "trusted" key type before it
is freed.  Notably, we were not zeroing the tpm_buf structures in which
the actual key is stored for TPM seal and unseal, nor were we zeroing
the trusted_key_payload in certain error paths.

Cc: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
Cc: David Safford &lt;safford@us.ibm.com&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: James Morris &lt;james.l.morris@oracle.com&gt;
[bwh: Backported to 3.2:
 - Also use kzfree() in my_get_random()
 - Drop one unapplicable change
 - Adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
</entry>
<entry>
<title>security: follow rename pack_hex_byte() to hex_byte_pack()</title>
<updated>2011-11-01T00:30:56+00:00</updated>
<author>
<name>Andy Shevchenko</name>
<email>andriy.shevchenko@linux.intel.com</email>
</author>
<published>2011-11-01T00:12:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=02473119bc54b0b239c2501064c7a37314347f87'/>
<id>urn:sha1:02473119bc54b0b239c2501064c7a37314347f87</id>
<content type='text'>
There is no functional change.

Signed-off-by: Andy Shevchenko &lt;andriy.shevchenko@linux.intel.com&gt;
Cc: Mimi Zohar &lt;zohar@us.ibm.com&gt;
Cc: James Morris &lt;jmorris@namei.org&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
</entry>
<entry>
<title>trusted-keys: check hex2bin result</title>
<updated>2011-09-21T03:26:05+00:00</updated>
<author>
<name>Mimi Zohar</name>
<email>zohar@linux.vnet.ibm.com</email>
</author>
<published>2011-09-20T15:23:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2684bf7f29cfb13ef2c60f3b3a53ee47d0db7022'/>
<id>urn:sha1:2684bf7f29cfb13ef2c60f3b3a53ee47d0db7022</id>
<content type='text'>
For each hex2bin call in trusted keys, check that the ascii hex string is
valid.  On failure, return -EINVAL.

Changelog v1:
- hex2bin now returns an int

Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
Acked-by: Andy Shevchenko &lt;andy.shevchenko@gmail.com&gt;
</content>
</entry>
<entry>
<title>Create Documentation/security/,</title>
<updated>2011-05-19T22:59:38+00:00</updated>
<author>
<name>Randy Dunlap</name>
<email>randy.dunlap@oracle.com</email>
</author>
<published>2011-05-19T22:59:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d410fa4ef99112386de5f218dd7df7b4fca910b4'/>
<id>urn:sha1:d410fa4ef99112386de5f218dd7df7b4fca910b4</id>
<content type='text'>
move LSM-, credentials-, and keys-related files from Documentation/
  to Documentation/security/,
add Documentation/security/00-INDEX, and
update all occurrences of Documentation/&lt;moved_file&gt;
  to Documentation/security/&lt;moved_file&gt;.
</content>
</entry>
<entry>
<title>KEYS: Add an RCU payload dereference macro</title>
<updated>2011-03-08T00:17:11+00:00</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2011-03-07T15:05:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=633e804e89464d3875e59de1959a53f9041d3094'/>
<id>urn:sha1:633e804e89464d3875e59de1959a53f9041d3094</id>
<content type='text'>
Add an RCU payload dereference macro as this seems to be a common piece of code
amongst key types that use RCU referenced payloads.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@us.ibm.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
</entry>
<entry>
<title>trusted keys: Fix a memory leak in trusted_update().</title>
<updated>2011-01-23T23:59:58+00:00</updated>
<author>
<name>Jesper Juhl</name>
<email>jj@chaosbits.net</email>
</author>
<published>2011-01-23T21:40:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5403110943a2dcf1f96416d7a412a8b46895facd'/>
<id>urn:sha1:5403110943a2dcf1f96416d7a412a8b46895facd</id>
<content type='text'>
One failure path in security/keys/trusted.c::trusted_update() does
not free 'new_p' while the others do. This patch makes sure we also free
it in the remaining path (if datablob_parse() returns different from
Opt_update).

Signed-off-by: Jesper Juhl &lt;jj@chaosbits.net&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
</entry>
<entry>
<title>trusted-keys: rename trusted_defined files to trusted</title>
<updated>2011-01-23T23:14:22+00:00</updated>
<author>
<name>Mimi Zohar</name>
<email>zohar@linux.vnet.ibm.com</email>
</author>
<published>2011-01-18T14:07:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4b174b6d281f5c87234fc65bafc02877f565c5cf'/>
<id>urn:sha1:4b174b6d281f5c87234fc65bafc02877f565c5cf</id>
<content type='text'>
Rename trusted_defined.c and trusted_defined.h files to trusted.c and
trusted.h, respectively. Based on request from David Howells.

Signed-off-by: Mimi Zohar &lt;zohar@us.ibm.com&gt;
Acked-by: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: James Morris &lt;jmorris@namei.org&gt;
</content>
</entry>
</feed>
