rxrpc: Don't leak the service-side session key to userspace

Don't let someone reading a service-side rxrpc-type key get access to the session key that was exchanged with the client. The server application will, at some point, need to be able to read the information in the ticket, but this probably shouldn't include the key material. Signed-off-by: David Howells <dhowells@redhat.com>
author: David Howells <dhowells@redhat.com> 2020-09-27 11:07:21 +0100
committer: David Howells <dhowells@redhat.com> 2020-11-23 18:09:29 +0000
commit: d2ae4e918218f543214fbd906db68a6c580efbbb (patch)
tree: b240ab494a23255f2f8b59bd682c33420675fdd3 /net/rxrpc
parent: 12da59fcab5a05d01773e7cb413b8b8f3bb4e334 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/net/rxrpc/key.c b/net/rxrpc/key.c
index 3bd7b9d48d27..ed29ec01237b 100644
--- a/net/rxrpc/key.c
+++ b/net/rxrpc/key.c
@@ -579,7 +579,8 @@ static long rxrpc_read(const struct key *key,
 		case RXRPC_SECURITY_RXKAD:
 			toksize += 8 * 4;	/* viceid, kvno, key*2, begin,
 						 * end, primary, tktlen */
-			toksize += RND(token->kad->ticket_len);
+			if (!token->no_leak_key)
+				toksize += RND(token->kad->ticket_len);
 			break;
 
 		default: /* we have a ticket we can't encode */
@@ -654,7 +655,10 @@ static long rxrpc_read(const struct key *key,
 			ENCODE(token->kad->start);
 			ENCODE(token->kad->expiry);
 			ENCODE(token->kad->primary_flag);
-			ENCODE_DATA(token->kad->ticket_len, token->kad->ticket);
+			if (token->no_leak_key)
+				ENCODE(0);
+			else
+				ENCODE_DATA(token->kad->ticket_len, token->kad->ticket);
 			break;
 
 		default:
author	David Howells <dhowells@redhat.com>	2020-09-27 11:07:21 +0100
committer	David Howells <dhowells@redhat.com>	2020-11-23 18:09:29 +0000
commit	d2ae4e918218f543214fbd906db68a6c580efbbb (patch)
tree	b240ab494a23255f2f8b59bd682c33420675fdd3 /net/rxrpc
parent	12da59fcab5a05d01773e7cb413b8b8f3bb4e334 (diff)