security: don't use a negative Opt_err token index

torvalds · torvalds · commit 94c13f66e13c · 2018-12-17T16:21:48.000-08:00
The code uses a bitmap to check for duplicate tokens during parsing, and that doesn't work at all for the negative Opt_err token case. There is absolutely no reason to make Opt_err be negative, and in fact it only confuses things, since some of the affected functions actually return a positive Opt_xyz enum _or_ a regular negative error code (eg -EINVAL), and using -1 for Opt_err makes no sense. There are similar problems in ima_policy.c and key encryption, but they don't have the immediate bug wrt bitmap handing, and ima_policy.c in particular needs a different patch to make the enum values match the token array index. Mimi is sending that separately. Reported-by: syzbot+a22e0dc07567662c50bc@syzkaller.appspotmail.com Reported-by: Eric Biggers <ebiggers@kernel.org> Fixes: 5208cc8 ("keys, trusted: fix: *do not* allow duplicate key options") Fixes: 00d60fd ("KEYS: Provide keyctls to drive the new key type ops for asymmetric keys [ver #2]") Cc: James Morris James Morris <jmorris@namei.org> Cc: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Cc: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c
@@ -25,7 +25,7 @@ static void keyctl_pkey_params_free(struct kernel_pkey_params *params)
 }
 
 enum {
-	Opt_err = -1,
+	Opt_err,
 	Opt_enc,		/* "enc=<encoding>" eg. "enc=oaep" */
 	Opt_hash,		/* "hash=<digest-name>" eg. "hash=sha1" */
 };
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
@@ -711,7 +711,7 @@ static int key_unseal(struct trusted_key_payload *p,
 }
 
 enum {
-	Opt_err = -1,
+	Opt_err,
 	Opt_new, Opt_load, Opt_update,
 	Opt_keyhandle, Opt_keyauth, Opt_blobauth,
 	Opt_pcrinfo, Opt_pcrlock, Opt_migratable,

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ static void keyctl_pkey_params_free(struct kernel_pkey_params *params)`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`enum {`
`28`		`- Opt_err = -1,`
	`28`	`+ Opt_err,`
`29`	`29`	`Opt_enc, /* "enc=<encoding>" eg. "enc=oaep" */`
`30`	`30`	`Opt_hash, /* "hash=<digest-name>" eg. "hash=sha1" */`
`31`	`31`	`};`
Original file line number	Diff line number	Diff line change
`@@ -711,7 +711,7 @@ static int key_unseal(struct trusted_key_payload *p,`
`711`	`711`	`}`
`712`	`712`
`713`	`713`	`enum {`
`714`		`- Opt_err = -1,`
	`714`	`+ Opt_err,`
`715`	`715`	`Opt_new, Opt_load, Opt_update,`
`716`	`716`	`Opt_keyhandle, Opt_keyauth, Opt_blobauth,`
`717`	`717`	`Opt_pcrinfo, Opt_pcrlock, Opt_migratable,`