On Thu, 28 Sep 2017, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> In eCryptfs, we failed to verify that the authentication token keys are
> not revoked before dereferencing their payloads, which is problematic
> because the payload of a revoked key is NULL. request_key() *does* skip
> revoked keys, but there is still a window where the key can be revoked
> before we acquire the key semaphore.
>
> Fix it by updating ecryptfs_get_key_payload_data() to return
> -EKEYREVOKED if the key payload is NULL. For completeness we check this
> for "encrypted" keys as well as "user" keys, although encrypted keys
> cannot be revoked currently.
>
> Alternatively we could use key_validate(), but since we'll also need to
> fix ecryptfs_get_key_payload_data() to validate the payload length, it
> seems appropriate to just check the payload pointer.
>
> Fixes: 237fead61998 ("[PATCH] ecryptfs: fs/Makefile and fs/Kconfig")
> Cc: <stable@xxxxxxxxxxxxxxx> [v2.6.19+]
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
(A further cleanup might add some inline accessor functions for key data,
but it's not necessary now).
Reviewed-by: James Morris <james.l.morris@xxxxxxxxxx>
--
James Morris
<jmorris@xxxxxxxxx>