Please pull these fixes for the keys code.
>From David Howells:
" Here are three miscellaneous fixes:
(1) Fix a panic in some debugging code in PKCS#7. This can only happen
by explicitly inserting a #define DEBUG into the code.
(2) Fix the calculation of the digest length in the PE file parser. This
causes a failure where there should be a success.
(3) Fix the case where an X.509 cert can be added as an asymmetric key to
a trusted keyring with no trust restriction if no AKID is supplied.
Bugs (1) and (2) aren't particularly problematic, but (3) allows a
security check to be bypassed. Bug (3) is added since the 4.6 kernel. "
The following changes since commit 47ef4ad2684d380dd6d596140fb79395115c3950:
Merge tag 'for-linus-20160715' of git://git.infradead.org/linux-mtd
(2016-07-16 09:53:34 +0900)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
for-linus
Lans Zhang (2):
PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined
pefile: Fix the failure of calculation for digest
Mat Martineau (1):
KEYS: Fix for erroneous trust of incorrectly signed X.509 certs
crypto/asymmetric_keys/mscode_parser.c | 7 ++++++-
crypto/asymmetric_keys/pkcs7_verify.c | 2 +-
crypto/asymmetric_keys/restrict.c | 2 +-
3 files changed, 8 insertions(+), 3 deletions(-)
