[V2][PATCH 1/2] PKCS#7: Fix kernel panic when referring to the empty AuthorityKeyIdentifier
Dave Young
dyoung at redhat.com
Wed Jul 13 19:16:32 PDT 2016
Cc crpto list
On 07/13/16 at 09:35pm, Lans Zhang wrote:
> This fix resolves the following kernel panic if the empty AuthorityKeyIdentifier employed.
>
> [ 459.041989] PKEY: <==public_key_verify_signature() = 0
> [ 459.041993] PKCS7: Verified signature 1
> [ 459.041995] PKCS7: ==> pkcs7_verify_sig_chain()
> [ 459.041999] PKCS7: verify Sample DB Certificate for SCP: 01
> [ 459.042002] PKCS7: - issuer Sample KEK Certificate for SCP
> [ 459.042014] BUG: unable to handle kernel NULL pointer dereference at (null)
> [ 459.042135] IP: [<ffffffff813e7b4c>] pkcs7_verify+0x72c/0x7f0
> [ 459.042217] PGD 739e6067 PUD 77719067 PMD 0
> [ 459.042286] Oops: 0000 [#1] PREEMPT SMP
> [ 459.042328] Modules linked in:
> [ 459.042368] CPU: 0 PID: 474 Comm: kexec Not tainted 4.7.0-rc7-WR8.0.0.0_standard+ #18
> [ 459.042462] Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 10/09/2014
> [ 459.042586] task: ffff880073a50000 ti: ffff8800738e8000 task.ti: ffff8800738e8000
> [ 459.042675] RIP: 0010:[<ffffffff813e7b4c>] [<ffffffff813e7b4c>] pkcs7_verify+0x72c/0x7f0
> [ 459.042784] RSP: 0018:ffff8800738ebd58 EFLAGS: 00010246
> [ 459.042845] RAX: 0000000000000000 RBX: ffff880076b7da80 RCX: 0000000000000006
> [ 459.042929] RDX: 0000000000000001 RSI: ffffffff81c85001 RDI: ffffffff81ca00a9
> [ 459.043014] RBP: ffff8800738ebd98 R08: 0000000000000400 R09: ffff8800788a304c
> [ 459.043098] R10: 0000000000000000 R11: 00000000000060ca R12: ffff8800769a2bc0
> [ 459.043182] R13: ffff880077358300 R14: 0000000000000000 R15: ffff8800769a2dc0
> [ 459.043268] FS: 00007f24cc741700(0000) GS:ffff880074e00000(0000) knlGS:0000000000000000
> [ 459.043365] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 459.043431] CR2: 0000000000000000 CR3: 0000000073a36000 CR4: 00000000001006f0
> [ 459.043514] Stack:
> [ 459.043530] 0000000000000000 ffffffbf00000020 31ffffff813e68b0 0000000000000002
> [ 459.043644] ffff8800769a2bc0 0000000000000000 00000000007197b8 0000000000000002
> [ 459.043756] ffff8800738ebdd8 ffffffff81153fb1 0000000000000000 0000000000000000
> [ 459.043869] Call Trace:
> [ 459.043898] [<ffffffff81153fb1>] verify_pkcs7_signature+0x61/0x140
> [ 459.043974] [<ffffffff813e7f0b>] verify_pefile_signature+0x2cb/0x830
> [ 459.044052] [<ffffffff813e8470>] ? verify_pefile_signature+0x830/0x830
> [ 459.044134] [<ffffffff81048e25>] bzImage64_verify_sig+0x15/0x20
> [ 459.046332] [<ffffffff81046e09>] arch_kexec_kernel_verify_sig+0x29/0x40
> [ 459.048552] [<ffffffff810f10e4>] SyS_kexec_file_load+0x1f4/0x6c0
> [ 459.050768] [<ffffffff81050e36>] ? __do_page_fault+0x1b6/0x550
> [ 459.052996] [<ffffffff8199241f>] entry_SYSCALL_64_fastpath+0x17/0x93
> [ 459.055242] Code: e8 0a d6 ff ff 85 c0 0f 88 7a fb ff ff 4d 39 fd 4d 89 7d 08 74 45 4d 89 fd e9 14 fe ff ff 4d 8b 76 08 31 c0 48 c7 c7 a9 00 ca 81 <41> 0f b7 36 49 8d 56 02 e8 d0 91 d6 ff 4d 8b 3c 24 4d 85 ff 0f
> [ 459.060535] RIP [<ffffffff813e7b4c>] pkcs7_verify+0x72c/0x7f0
> [ 459.063040] RSP <ffff8800738ebd58>
> [ 459.065456] CR2: 0000000000000000
> [ 459.075998] ---[ end trace c15f0e897cda28dc ]---
>
> Signed-off-by: Lans Zhang <jia.zhang at windriver.com>
> Signed-off-by: David Howells <dhowells at redhat.com>
> Cc: Dave Young <dyoung at redhat.com>
> Cc: Baoquan He <bhe at redhat.com>
> Cc: Vivek Goyal <vgoyal at redhat.com>
> ---
> crypto/asymmetric_keys/pkcs7_verify.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
> index 44b746e..2ffd697 100644
> --- a/crypto/asymmetric_keys/pkcs7_verify.c
> +++ b/crypto/asymmetric_keys/pkcs7_verify.c
> @@ -227,7 +227,7 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
> if (asymmetric_key_id_same(p->id, auth))
> goto found_issuer_check_skid;
> }
> - } else {
> + } else if (sig->auth_ids[1]) {
> auth = sig->auth_ids[1];
> pr_debug("- want %*phN\n", auth->len, auth->data);
> for (p = pkcs7->certs; p; p = p->next) {
> --
> 1.9.1
>
>
> _______________________________________________
> kexec mailing list
> kexec at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec
More information about the kexec
mailing list