From: David Gstir <david@xxxxxxxxxxxxx>
commit 6486cad00a8b7f8585983408c152bbe33dda529b upstream.
The DCP trusted key type uses the wrong helper function to store
the blob's payload length which can lead to the wrong byte order
being used in case this would ever run on big endian architectures.
Fix by using correct helper function.
Cc: stable@xxxxxxxxxxxxxxx # v6.10+
Fixes: 2e8a0f40a39c ("KEYS: trusted: Introduce NXP DCP-backed trusted keys")
Suggested-by: Richard Weinberger <richard@xxxxxx>
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Closes: https://lore.kernel.org/oe-kbuild-all/202405240610.fj53EK0q-lkp@xxxxxxxxx/
Signed-off-by: David Gstir <david@xxxxxxxxxxxxx>
Reviewed-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
security/keys/trusted-keys/trusted_dcp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/keys/trusted-keys/trusted_dcp.c b/security/keys/trusted-keys/trusted_dcp.c
index b5f81a05be36..b0947f072a98 100644
--- a/security/keys/trusted-keys/trusted_dcp.c
+++ b/security/keys/trusted-keys/trusted_dcp.c
@@ -222,7 +222,7 @@ static int trusted_dcp_seal(struct trusted_key_payload *p, char *datablob)
return ret;
}
- b->payload_len = get_unaligned_le32(&p->key_len);
+ put_unaligned_le32(p->key_len, &b->payload_len);
p->blob_len = blen;
return 0;
}
--
2.46.0
Patches currently in stable-queue which might be from david@xxxxxxxxxxxxx are
queue-6.10/keys-trusted-dcp-fix-leak-of-blob-encryption-key.patch
queue-6.10/keys-trusted-fix-dcp-blob-payload-length-assignment.patch
