summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2018-06-26 08:44:15 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2018-06-26 08:44:15 -0700
commit813835028e9ae1f18cd11bb0ec591d0f0577d96a (patch)
tree5c91429f5cb9f0615ca8dbf2406984583ec27deb /crypto
parent84bfed40fc25dd052620398fdcc19d8c77f02270 (diff)
parentb65c32ec5a942ab3ada93a048089a938918aba7f (diff)
downloadlinux-stable-813835028e9ae1f18cd11bb0ec591d0f0577d96a.tar.gz
linux-stable-813835028e9ae1f18cd11bb0ec591d0f0577d96a.tar.bz2
linux-stable-813835028e9ae1f18cd11bb0ec591d0f0577d96a.zip
Merge branch 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem fixes from James Morris: - Smack: fix a regression caused by 1bbc55131e5 - X.509: fix a (usually un-seen) bug in RSA signature parsing * 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: X.509: unpack RSA signatureValue field from BIT STRING Smack: Mark inode instant in smack_task_to_inode
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asymmetric_keys/x509_cert_parser.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 7d81e6bb461a..b6cabac4b62b 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -249,6 +249,15 @@ int x509_note_signature(void *context, size_t hdrlen,
return -EINVAL;
}
+ if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) {
+ /* Discard the BIT STRING metadata */
+ if (vlen < 1 || *(const u8 *)value != 0)
+ return -EBADMSG;
+
+ value++;
+ vlen--;
+ }
+
ctx->cert->raw_sig = value;
ctx->cert->raw_sig_size = vlen;
return 0;