On Fri, Nov 10, 2017 at 10:56:46AM -0500, Mimi Zohar wrote:
> On Fri, 2017-11-10 at 12:49 +0100, Greg KH wrote:
> > On Mon, Nov 06, 2017 at 06:06:19AM -0500, Mimi Zohar wrote:
> > > Hi Greg,
> > >
> > > On Sun, 2017-11-05 at 15:18 +0100, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
> > > > The patch below does not apply to the 4.9-stable tree.
> > > > If someone wants it applied there, or to any other stable or longterm
> > > > tree, then please email the backport, including the original git commit
> > > > id to <stable@xxxxxxxxxxxxxxx>.
> > > >
> > > > thanks,
> > > >
> > > > greg k-h
> > >
> > > This commit needs to prereq commit ee618b4619b7 "KEYS: trusted:
> > > sanitize all key material".
> >
> > Thanks, that fixes the issue for 4.4 and 4.9, but not for 3.18 :(
>
> Commit 146aa8b "KEYS: Merge the type-specific data with the payload
> data" introduced the change trusted_destroy(), but it is a rather big
> patch.
>
> @@ -1114,12 +1114,12 @@ static long trusted_read(const struct key
> *key, char __user
> *buffer,
> */
> static void trusted_destroy(struct key *key)
> {
> - struct trusted_key_payload *p = key->payload.data;
> + struct trusted_key_payload *p = key->payload.data[0];
>
> if (!p)
> return;
> memset(p->key, 0, p->key_len);
> - kfree(key->payload.data);
> + kfree(key->payload.data[0]);
> }
>
> Perhaps David has back ported this patch already. David? Otherwise,
> Eric could you create a patch that applies directly to the stable tree
> linux-3.18.y?
>
I'll send backports of "KEYS: trusted: sanitize all key material" and "KEYS:
trusted: fix writing past end of buffer in trusted_read()". We don't need
"KEYS: Merge the type-specific data with the payload data", as far as I know; it
seems to be cleanup/refactoring only.
Eric