| Message ID | 20171009194618.67494-1-ebiggers3@gmail.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
On Mon, Oct 09, 2017 at 12:46:18PM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@google.com> > > When an fscrypt-encrypted file is opened, we request the file's master > key from the keyrings service as a logon key, then access its payload. > However, a revoked key has a NULL payload, and we failed to check for > this. request_key() *does* skip revoked keys, but there is still a > window where the key can be revoked before we acquire its semaphore. > > Fix it by checking for a NULL payload, treating it like a key which was > already revoked at the time it was requested. > > Fixes: 88bd6ccdcdd6 ("ext4 crypto: add encryption key management facilities") > Reviewed-by: James Morris <james.l.morris@oracle.com> > Cc: <stable@vger.kernel.org> [v4.1+] > Signed-off-by: Eric Biggers <ebiggers@google.com> Applied, thanks. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-fscrypt" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Sun, Oct 29, 2017 at 06:23:05AM -0400, Theodore Ts'o wrote: > On Mon, Oct 09, 2017 at 12:46:18PM -0700, Eric Biggers wrote: > > From: Eric Biggers <ebiggers@google.com> > > > > When an fscrypt-encrypted file is opened, we request the file's master > > key from the keyrings service as a logon key, then access its payload. > > However, a revoked key has a NULL payload, and we failed to check for > > this. request_key() *does* skip revoked keys, but there is still a > > window where the key can be revoked before we acquire its semaphore. > > > > Fix it by checking for a NULL payload, treating it like a key which was > > already revoked at the time it was requested. > > > > Fixes: 88bd6ccdcdd6 ("ext4 crypto: add encryption key management facilities") > > Reviewed-by: James Morris <james.l.morris@oracle.com> > > Cc: <stable@vger.kernel.org> [v4.1+] > > Signed-off-by: Eric Biggers <ebiggers@google.com> > > Applied, thanks. > Hi Ted, you should drop this one, since it's already in mainline; David Howells ended up taking the original series via the keyrings tree. Thanks! Eric -- To unsubscribe from this list: send the line "unsubscribe linux-fscrypt" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Sun, Oct 29, 2017 at 09:32:46AM -0700, Eric Biggers wrote: > > Hi Ted, you should drop this one, since it's already in mainline; David Howells > ended up taking the original series via the keyrings tree. Ah, I see it landed in v4.14-rc6. I'll drop it from the fscrypt tree. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-fscrypt" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c index 018c588c7ac3..8e704d12a1cf 100644 --- a/fs/crypto/keyinfo.c +++ b/fs/crypto/keyinfo.c @@ -109,6 +109,11 @@ static int validate_user_key(struct fscrypt_info *crypt_info, goto out; } ukp = user_key_payload_locked(keyring_key); + if (!ukp) { + /* key was revoked before we acquired its semaphore */ + res = -EKEYREVOKED; + goto out; + } if (ukp->datalen != sizeof(struct fscrypt_key)) { res = -EINVAL; goto out;