| Message ID | 20181130200411.19595-1-bmeneg@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | libimaevm: get key description out of verbose condition | expand |
Ignore this patch, forgot to add "ima-evm-utils" as a prefix in the subject line. I already sent a new patch with the correction. Sorry for the noise. On Fri, Nov 30, 2018 at 06:04:11PM -0200, Bruno E. O. Meneguele wrote: > Key description in keyring is being filled with memory garbage during import > process if the LOG_LEVEL is not satisfied (using '-vv'). > > Testing in kernels without trusted keyring support, and importing a v1 (RSA) key > pair, the kernel fails to find the key since it looks for the key description, > which is not found due to this issue: > > "digsig: key not found, id: DD0558FEB7DDBD26" > > Looking at: > # keyctl show > Session Keyring > 635748007 --alswrv 0 0 keyring: _ses > 673181018 --alswrv 0 65534 \_ keyring: _uid.0 > 360651479 --alswrv 0 0 \_ keyring: _ima > 499360916 --alswrv 0 0 | \_ user: .N= > 266933436 --alswrv 0 0 | \_ user: B641632DA94DEE26 > > Key id 499360916 and 266933436 are both the same key, but the first was added > without '-vv' in the command line, while the second one was using it. > > Signed-off-by: Bruno E. O. Meneguele <bmeneg@redhat.com> > --- > src/libimaevm.c | 12 +++++------- > 1 file changed, 5 insertions(+), 7 deletions(-) > > diff --git a/src/libimaevm.c b/src/libimaevm.c > index 6fa0ed4..b6f9b9f 100644 > --- a/src/libimaevm.c > +++ b/src/libimaevm.c > @@ -672,12 +672,11 @@ void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len > memcpy(keyid, sha1 + 12, 8); > log_debug("keyid: "); > log_debug_dump(keyid, 8); > + id = __be64_to_cpup((__be64 *) keyid); > + sprintf(str, "%llX", (unsigned long long)id); > > - if (params.verbose > LOG_INFO) { > - id = __be64_to_cpup((__be64 *) keyid); > - sprintf(str, "%llX", (unsigned long long)id); > + if (params.verbose > LOG_INFO) > log_info("keyid-v1: %s\n", str); > - } > } > > void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key) > @@ -694,11 +693,10 @@ void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key) > memcpy(keyid, sha1 + 16, 4); > log_debug("keyid: "); > log_debug_dump(keyid, 4); > + sprintf(str, "%x", __be32_to_cpup(keyid)); > > - if (params.verbose > LOG_INFO) { > - sprintf(str, "%x", __be32_to_cpup(keyid)); > + if (params.verbose > LOG_INFO) > log_info("keyid: %s\n", str); > - } > > free(pkey); > } > -- > 2.19.1 >
diff --git a/src/libimaevm.c b/src/libimaevm.c index 6fa0ed4..b6f9b9f 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -672,12 +672,11 @@ void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len memcpy(keyid, sha1 + 12, 8); log_debug("keyid: "); log_debug_dump(keyid, 8); + id = __be64_to_cpup((__be64 *) keyid); + sprintf(str, "%llX", (unsigned long long)id); - if (params.verbose > LOG_INFO) { - id = __be64_to_cpup((__be64 *) keyid); - sprintf(str, "%llX", (unsigned long long)id); + if (params.verbose > LOG_INFO) log_info("keyid-v1: %s\n", str); - } } void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key) @@ -694,11 +693,10 @@ void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key) memcpy(keyid, sha1 + 16, 4); log_debug("keyid: "); log_debug_dump(keyid, 4); + sprintf(str, "%x", __be32_to_cpup(keyid)); - if (params.verbose > LOG_INFO) { - sprintf(str, "%x", __be32_to_cpup(keyid)); + if (params.verbose > LOG_INFO) log_info("keyid: %s\n", str); - } free(pkey); }
Key description in keyring is being filled with memory garbage during import process if the LOG_LEVEL is not satisfied (using '-vv'). Testing in kernels without trusted keyring support, and importing a v1 (RSA) key pair, the kernel fails to find the key since it looks for the key description, which is not found due to this issue: "digsig: key not found, id: DD0558FEB7DDBD26" Looking at: # keyctl show Session Keyring 635748007 --alswrv 0 0 keyring: _ses 673181018 --alswrv 0 65534 \_ keyring: _uid.0 360651479 --alswrv 0 0 \_ keyring: _ima 499360916 --alswrv 0 0 | \_ user: .N= 266933436 --alswrv 0 0 | \_ user: B641632DA94DEE26 Key id 499360916 and 266933436 are both the same key, but the first was added without '-vv' in the command line, while the second one was using it. Signed-off-by: Bruno E. O. Meneguele <bmeneg@redhat.com> --- src/libimaevm.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-)