diff options
author | David Howells <dhowells@redhat.com> | 2020-09-27 11:07:21 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2020-11-23 18:09:29 +0000 |
commit | d2ae4e918218f543214fbd906db68a6c580efbbb (patch) | |
tree | b240ab494a23255f2f8b59bd682c33420675fdd3 /net/rxrpc/key.c | |
parent | 12da59fcab5a05d01773e7cb413b8b8f3bb4e334 (diff) |
rxrpc: Don't leak the service-side session key to userspace
Don't let someone reading a service-side rxrpc-type key get access to the
session key that was exchanged with the client. The server application
will, at some point, need to be able to read the information in the ticket,
but this probably shouldn't include the key material.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'net/rxrpc/key.c')
-rw-r--r-- | net/rxrpc/key.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/net/rxrpc/key.c b/net/rxrpc/key.c index 3bd7b9d48d27..ed29ec01237b 100644 --- a/net/rxrpc/key.c +++ b/net/rxrpc/key.c @@ -579,7 +579,8 @@ static long rxrpc_read(const struct key *key, case RXRPC_SECURITY_RXKAD: toksize += 8 * 4; /* viceid, kvno, key*2, begin, * end, primary, tktlen */ - toksize += RND(token->kad->ticket_len); + if (!token->no_leak_key) + toksize += RND(token->kad->ticket_len); break; default: /* we have a ticket we can't encode */ @@ -654,7 +655,10 @@ static long rxrpc_read(const struct key *key, ENCODE(token->kad->start); ENCODE(token->kad->expiry); ENCODE(token->kad->primary_flag); - ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); + if (token->no_leak_key) + ENCODE(0); + else + ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); break; default: |