tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'keys-trusted-next-6.10-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd

Pull trusted keys fixes from Jarkko Sakkinen:
"These are two bugs I found from trusted keys while working on a new
RSA key type for TPM2. Both originate form v5.13.

The memory leak is more crucial but I don't think it is either good
idea if kernel throws WARN when ASN.1 parser fails, even if it is
related to programming error, as it is not that mature code yet.

There's at least two WARN's in that code but I picked just the one
more likely to trigger. Planning to fix the other one too over time"

* tag 'keys-trusted-next-6.10-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
KEYS: trusted: Do not use WARN when encode fails
KEYS: trusted: Fix memory leak in tpm2_key_encode()

Linus Torvalds fa8151ca 38da32ee

+19 -6
+19 -6
security/keys/trusted-keys/trusted_tpm2.c
··· 38 38 u8 *end_work = scratch + SCRATCH_SIZE; 39 39 u8 *priv, *pub; 40 40 u16 priv_len, pub_len; 41 + int ret; 41 42 42 43 priv_len = get_unaligned_be16(src) + 2; 43 44 priv = src; ··· 58 57 unsigned char bool[3], *w = bool; 59 58 /* tag 0 is emptyAuth */ 60 59 w = asn1_encode_boolean(w, w + sizeof(bool), true); 61 - if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) 62 - return PTR_ERR(w); 60 + if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) { 61 + ret = PTR_ERR(w); 62 + goto err; 63 + } 63 64 work = asn1_encode_tag(work, end_work, 0, bool, w - bool); 64 65 } 65 66 ··· 72 69 * trigger, so if it does there's something nefarious going on 73 70 */ 74 71 if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE, 75 - "BUG: scratch buffer is too small")) 76 - return -EINVAL; 72 + "BUG: scratch buffer is too small")) { 73 + ret = -EINVAL; 74 + goto err; 75 + } 77 76 78 77 work = asn1_encode_integer(work, end_work, options->keyhandle); 79 78 work = asn1_encode_octet_string(work, end_work, pub, pub_len); ··· 84 79 work1 = payload->blob; 85 80 work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), 86 81 scratch, work - scratch); 87 - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) 88 - return PTR_ERR(work1); 82 + if (IS_ERR(work1)) { 83 + ret = PTR_ERR(work1); 84 + pr_err("BUG: ASN.1 encoder failed with %d\n", ret); 85 + goto err; 86 + } 89 87 88 + kfree(scratch); 90 89 return work1 - payload->blob; 90 + 91 + err: 92 + kfree(scratch); 93 + return ret; 91 94 } 92 95 93 96 struct tpm2_key_context {