From patchwork Fri Apr 21 08:30:33 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers <ebiggers3@gmail.com>
X-Patchwork-Id: 9692087
Return-Path: <linux-security-module-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	880F26038E
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Fri, 21 Apr 2017 08:32:08 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 786EF2860B
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Fri, 21 Apr 2017 08:32:08 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 6D03028607; Fri, 21 Apr 2017 08:32:08 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 10D722860B
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Fri, 21 Apr 2017 08:32:08 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1036246AbdDUIb6 (ORCPT
	<rfc822;patchwork-linux-security-module@patchwork.kernel.org>);
	Fri, 21 Apr 2017 04:31:58 -0400
Received: from mail-oi0-f65.google.com ([209.85.218.65]:32819 "EHLO
	mail-oi0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1035971AbdDUIbz (ORCPT
	<rfc822;linux-security-module@vger.kernel.org>);
	Fri, 21 Apr 2017 04:31:55 -0400
Received: by mail-oi0-f65.google.com with SMTP id a189so18209837oib.0;
	Fri, 21 Apr 2017 01:31:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=4yxEZ4cs3k0c6Q318DSRV6+UIccASPTvfayzyx3JQcY=;
	b=CgYj7UMsI+6/6/XTBniwjD7OrBQjsAilS9B2NHvbNNOnp7Zr1g+5wQMXtWpzPMJ5R9
	ZGppep8qEFX55a1nHYD+pkmu3+EyK5ZeHU0VVbY5qYDlaBXo8qfjFB70hcY1fh4L33VZ
	bUeYU1+gTf7MAOdKqoqE2UoEFCaWeY7L+Dm3ZMuQ179wogRvX/AY60Ix/4qr0BFRvyMj
	PcKOL286ZouV1+tZZg3V05JL3Mf94QxXR9t5pDCCYXUypM1Au1InUAynisoqVQwzkzar
	ze8/Cs4t4uBJGVRAsK/rgtdjV0oFKFs4vGADiXlOCHOK2a1curitViPTLNzvEiHzUPeJ
	bhjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=4yxEZ4cs3k0c6Q318DSRV6+UIccASPTvfayzyx3JQcY=;
	b=V/ZXp8qePAZmwbOWzCzSJHJvC4P33UbBJLBXT6+cVQPI7g2F+9jP47vzpDlpmd7SDZ
	zGyb3pyLRHyS+b4yCEYcLOQ8/V9fmxRRZLMc8orx855wUPCjMhP2UGP6AMHKTSwMz+mp
	ABv1iD1Y9IAeqqEVU9jIH4arYttYIgGaKfVHyW7JWZJA8Qxr3zASekWuUfnX/X8nq6du
	p1Ou/8iVKu4E4k6GAorYCpYwGYTbTR4hVGd2slPl4iuiFmcU6phZm+UyC1kC5vAUSiEQ
	K14CSy7gSQOivUpEjeWgvRCWNRvNbWx8rQ358JR8gukYnbmibi7y1rQZmpIS5t/iuFm2
	gLcw==
X-Gm-Message-State: AN3rC/5YEqEBDS6uulRzdfNMALSKeZV/aYNW58oiPNyhMoE6L1FTFf55
	gcaxTChZHE/+Hw==
X-Received: by 10.84.143.1 with SMTP id 1mr14638190ply.70.1492763514513;
	Fri, 21 Apr 2017 01:31:54 -0700 (PDT)
Received: from localhost.localdomain (c-73-239-167-150.hsd1.wa.comcast.net.
	[73.239.167.150]) by smtp.gmail.com with ESMTPSA id
	m187sm14593981pfm.122.2017.04.21.01.31.53
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 21 Apr 2017 01:31:54 -0700 (PDT)
From: Eric Biggers <ebiggers3@gmail.com>
To: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org,
	David Howells <dhowells@redhat.com>,
	linux-kernel@vger.kernel.org, Eric Biggers <ebiggers@google.com>
Subject: [PATCH 1/5] KEYS: sanitize add_key() and keyctl() key payloads
Date: Fri, 21 Apr 2017 01:30:33 -0700
Message-Id: <20170421083037.12746-2-ebiggers3@gmail.com>
X-Mailer: git-send-email 2.12.2
In-Reply-To: <20170421083037.12746-1-ebiggers3@gmail.com>
References: <20170421083037.12746-1-ebiggers3@gmail.com>
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>
X-Virus-Scanned: ClamAV using ClamSMTP

From: Eric Biggers <ebiggers@google.com>

Before returning from add_key() or one of the keyctl() commands that
takes in a key payload, zero the temporary buffer that was allocated to
hold the key payload copied from userspace.  This may contain sensitive
key material that should not be kept around in the slab caches.

This must not be applied before the patch "KEYS: fix dereferencing NULL
payload with nonzero length".

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 security/keys/keyctl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 10fcea154c0f..d2852621e358 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -137,6 +137,7 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type,
 
 	key_ref_put(keyring_ref);
  error3:
+	memzero_explicit(payload, plen);
 	kvfree(payload);
  error2:
 	kfree(description);
@@ -347,7 +348,7 @@ long keyctl_update_key(key_serial_t id,
 
 	key_ref_put(key_ref);
 error2:
-	kfree(payload);
+	kzfree(payload);
 error:
 	return ret;
 }
@@ -1098,6 +1099,7 @@ long keyctl_instantiate_key_common(key_serial_t id,
 		keyctl_change_reqkey_auth(NULL);
 
 error2:
+	memzero_explicit(payload, plen);
 	kvfree(payload);
 error:
 	return ret;