mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-02 00:24:12 +08:00
72f9a07b6b
In public_key_verify_signature(), if akcipher_request_alloc() fails, we return -ENOMEM. But that error code was set 25 lines above, and by accident someone could easily insert new code in between that assigns to 'ret', which would introduce a signature verification bypass. Make the code clearer by moving the -ENOMEM down to where it is used. Additionally, the callers of public_key_verify_signature() only consider a negative return value to be an error. This means that if any positive return value is accidentally introduced deeper in the call stack (e.g. 'return EBADMSG' instead of 'return -EBADMSG' somewhere in RSA), signature verification will be bypassed. Make things more robust by having public_key_verify_signature() warn about positive errors and translate them into -EINVAL. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com> |
||
---|---|---|
.. | ||
.gitignore | ||
asymmetric_keys.h | ||
asymmetric_type.c | ||
Kconfig | ||
Makefile | ||
mscode_parser.c | ||
mscode.asn1 | ||
pkcs7_key_type.c | ||
pkcs7_parser.c | ||
pkcs7_parser.h | ||
pkcs7_trust.c | ||
pkcs7_verify.c | ||
pkcs7.asn1 | ||
public_key.c | ||
restrict.c | ||
signature.c | ||
verify_pefile.c | ||
verify_pefile.h | ||
x509_akid.asn1 | ||
x509_cert_parser.c | ||
x509_parser.h | ||
x509_public_key.c | ||
x509.asn1 |