diff options
author | Eric Biggers <ebiggers@google.com> | 2017-12-08 15:13:29 +0000 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2017-12-08 15:13:29 +0000 |
commit | 72f9a07b6bfaefdc29fcb75dafa8867a4f6d8317 (patch) | |
tree | 07ca4c806753963651a86081f8dfbbce26e90c19 /kernel/exit.c | |
parent | a80745a6de51a651977a16ef81cba0126f9dd66f (diff) |
KEYS: be careful with error codes in public_key_verify_signature()
In public_key_verify_signature(), if akcipher_request_alloc() fails, we
return -ENOMEM. But that error code was set 25 lines above, and by
accident someone could easily insert new code in between that assigns to
'ret', which would introduce a signature verification bypass. Make the
code clearer by moving the -ENOMEM down to where it is used.
Additionally, the callers of public_key_verify_signature() only consider
a negative return value to be an error. This means that if any positive
return value is accidentally introduced deeper in the call stack (e.g.
'return EBADMSG' instead of 'return -EBADMSG' somewhere in RSA),
signature verification will be bypassed. Make things more robust by
having public_key_verify_signature() warn about positive errors and
translate them into -EINVAL.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'kernel/exit.c')
0 files changed, 0 insertions, 0 deletions