This patch series fixes several bugs in the KDF extension to keyctl_dh_compute() currently sitting in keys-next: a way userspace could cause an infinite loop, two ways userspace could cause the use of uninitialized memory, a misalignment, and missing __user annotations. Eric Biggers (5): KEYS: DH: forbid using digest_null as the KDF hash KEYS: DH: don't feed uninitialized "otherinfo" into KDF KEYS: DH: don't feed uninitialized result memory into KDF KEYS: DH: ensure the KDF counter is properly aligned KEYS: DH: add __user annotations to keyctl_kdf_params include/uapi/linux/keyctl.h | 4 ++-- security/keys/dh.c | 50 ++++++++++++++++++++++----------------------- 2 files changed, 26 insertions(+), 28 deletions(-) -- 2.12.2
