00". It's also easier to read.
(2) The default month length for any February where the year doesn't
divide by four exactly is obtained from the month_length[] array where
the value is 29, not 28.
This is fixed by altering the table.
Reported-by: Rudolf Polzer
Sig
h can be
summarised as:
BUG: unable to handle kernel NULL pointer dereference at
0010
IP: [] user_read+0x56/0xa3
...
Call Trace:
[] keyctl_read_key+0xb6/0xd7
[] SyS_keyctl+0x83/0xe0
[] entry_SYSCALL_64_fastpath+0x12/0x6f
Reported-
rkers from all the parameters since
they don't really achieve anything and we do need to alter the sec
parameter.
Signed-off-by: David Howells
cc: John Stultz
cc: Arnd Bergmann
cc: stable@vger.kernel.org
---
include/linux/time.h | 13 ++---
kernel/time/time.c | 14 +++--
Reported-by: Rudolf Polzer
Signed-off-by: David Howells
cc: David Woodhouse
cc: John Stultz
cc: Arnd Bergmann
cc: stable@vger.kernel.org
---
crypto/asymmetric_keys/x509_cert_parser.c |6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/crypto/asymmetric_keys/x509_cer
().
Without this patch, certain X.509 certificates will be rejected and could
lead to an unbootable kernel.
Reported-by: Rudolf Polzer
Signed-off-by: David Howells
cc: David Woodhouse
cc: John Stultz
cc: Arnd Bergmann
cc: stable@vger.kernel.org
---
crypto/asymmetric_keys/x509_cert_parser.c | 12
8601 dates.
Signed-off-by: David Howells
cc: John Stultz
cc: Arnd Bergmann
cc: stable@vger.kernel.org
---
kernel/time/time.c |5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/kernel/time/time.c b/kernel/time/time.c
index 1858b10602f5..56e7ada38471 100644
--- a/kernel/t
Greg Kroah-Hartman wrote:
> David, any reason you didn't put a cc: stable in the commit for it to be
> picked up in the stable releases?
I did cc it to stable.
David
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majord...@vger.kernel.org
More m
doing the following:
cat <
Signed-off-by: David Howells
Tested-by: Mimi Zohar
Acked-by: David Woodhouse
---
crypto/asymmetric_keys/x509_cert_parser.c | 12 +++-
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c
b/cry
ioned with
keyring metadata.
Now the kernel gives an error:
request_key("keyring", "#selinux,bdekeyring", "keyring",
KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted)
Signed-off-by: David Howells
---
security/keys/request_key.c |3 ++
m_fork+0x3f/0x70
[] ? kthread_create_on_node+0x1c2/0x1c2
Note the value in RAX. This is a 32-bit representation of -ENOKEY.
The solution is to only call ->destroy() if the key was successfully
instantiated.
Reported-by: Dmitry Vyukov
Signed-off-by: David Howells
Tested-by: Dmitry Vyukov
---
okay with patch (2) being deferred to the next merge window if we're only
fixing security bugs at this time upstream.
The patches can be found here also:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
David
---
David Howells (2):
KEYS:
James Morris wrote:
> Pulled to my -next branch, but it's too late really for 4.2, for this
> class of bugfix.
Thanks. That'll do.
David
in grammar (2015-08-06 12:59:07 +0100)
ASN.1 fixes
--------
David Howells (4):
ASN.1: Fix handling of CHOICE in ASN.1 compiler
ASN.1: Fix actions on CHOICE elements with IMPLICIT tags
ASN.1: Fix non-m
James Morris wrote:
> What are the security implications of these bugs?
I've fed them various bits of butchered ASN.1 and observed the effects as well
as checking what happens in the code. I don't think there are any security
implications. I've outlined my reasoning in each patch description.
L' in grammar (2015-08-05 13:38:07 +0100)
ASN.1 fixes
--------
David Howells (4):
ASN.1: Fix handling of CHOICE in ASN.1 compiler
ASN.1: Fix actions on CHOICE elements with IMPLICIT tags
ASN.1: Fix non-match
An ANY object in an ASN.1 grammar that is marked OPTIONAL should be skipped
if there is no more data to be had.
This can be tested by editing X.509 certificates or PKCS#7 messages to
remove the NULL from subobjects that look like the following:
SEQUENCE {
OBJECT(2a864886f70d0101
that have complex types.
This cannot be tested with the code as it stands, but rather affects future
code.
Signed-off-by: David Howells
Reviewed-By: David Woodhouse
---
scripts/asn1_compiler.c | 17 ++---
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/scripts/asn1_
he flag. Setting the flag here is okay
because to process a subclause, a match must have happened and caused a
jump.
This cannot be tested with the code as it stands, but rather affects future
code.
Signed-off-by: David Howells
Reviewed-by: David Woodhouse
---
include/linux
apparently succeed, perhaps with ENOKEY or EKEYREJECTED being produced
later, depending on what gets snipped.
Just snipping off the final BIT_STRING or OCTET_STRING from either sample
should be a start since both are mandatory and neither will cause an EBADMSG
without the patches
Reported-by: Marce
Linus Torvalds wrote:
> > Signed-off-by: Colin Ian King
> > Signed-off-by: David Howells
>
> Who is the actual author of this? If it's Colin, it should have said
> so. If it's you, what is the sign-off from Colin?
Sorry, yes, there should be a:
whether it can update a key directly rather than adding/replacing - which
it turns out it can. Thus __key_link() is not called through
__key_instantiate_and_link() and __key_link_end() must cancel the edit.
CVE-2015-1333
Signed-off-by: Colin Ian King
Signed-off-by: David Howells
---
diff --git
Hi Linus,
Could you these directly please? James asked me to pass them directly on to
you. There are two fixes:
(1) Fix for the order in which things are done during key garbage
collection to prevent named keyrings causing a crash [CVE-2014-9529].
(2) Fix assoc_array to explicitly #incl
Hi James,
Could you pass these on to Linus please? There are two fixes:
(1) Fix for the order in which things are done during key garbage
collection to prevent named keyrings causing a crash [CVE-2014-9529].
(2) Fix assoc_array to explicitly #include rcupdate.h to prevent compilation
> Signed-off-by: Fabian Frederick
> Reported-by: David Howells
> Cc: [3.16.x]
> Signed-off-by: Andrew Morton
Acked-by: David Howells
Add newly registered TPMs to the tail of the list, not the beginning, so that
things that are specifying TPM_ANY_NUM don't find that the device they're
using has inadvertently changed. Adding a second device would break IMA, for
instance.
Signed-off-by: David Howells
Reviewed
It's in my git tree here:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=afs
David
Linus Torvalds wrote:
> A small panel discussion with a few people (fiveish?) that have very
> different viewpoints, along with baskets of rotten fruit set out on
> the tables? That could be fun. And I'm serious, although we might want
> to limit the size of the fruit to smaller berries ;)
I thi
es to revoked and expired keys being given
EACCES instead of EKEYREVOKED or EKEYEXPIRED.
Signed-off-by: David Howells
---
security/keys/internal.h |1 +
security/keys/process_keys.c |8 +---
security/keys/request_key.c |6 --
security/keys/request_key_auth.c |
Give the OID registry file module information so that it doesn't taint the
kernel when compiled as a module and loaded.
Reported-by: Dros Adamson
Signed-off-by: David Howells
cc: Trond Myklebust
cc: stable@vger.kernel.org
cc: linux-...@vger.kernel.org
---
lib/oid_registry.c |5 +++
_IRIX_SIGACTION.
Signed-off-by: David Howells
cc: Al Viro
cc: Ralf Baechle
cc: linux-m...@linux-mips.org
cc: stable@vger.kernel.org
---
arch/mips/include/asm/signal.h |2 +-
include/linux/compat.h |4 ++--
include/linux/signal.h |4 ++--
3 files changed, 5 insertions(
used for module
signing, so do we really need them?
Signed-off-by: David Howells
cc: David Woodhouse
cc: Rusty Russell
cc: Josh Boyer
cc: Alexander Holler
cc: stable@vger.kernel.org
---
crypto/asymmetric_keys/x509.asn1 |4 +-
crypto/asymmetric_keys/x509_cert_parser.c |
the extra deletion, the
presence of a negative key in the thread keyring (causing ENOKEY) is
incorrectly overridden by an error searching the process keyring.
So revert the second application of the patch.
Signed-off-by: David Howells
cc: Jiri Kosina
cc: Andrew Morton
cc: stable@vger.
Myklebust, Trond wrote:
> > So it looks like it oughtn't to be possible to get here with idmap_key_cons
> > being non-NULL.
>
> Sure it is. Look at what happens if rpc_queue_upcall() fails, then look
> at the 2 patches at
>
> http://git.linux-nfs.org/?p=trondmy/linux-nfs.git;a=commitdiff;h=7f26
Linus Torvalds wrote:
> David? Why is there a BUG_ON() there? Killing the machine helps us exactly
> how?
>
> There seems to be some missing locking wrt idmap->idmap_key_cons
> accesses.
I was thinking that it shouldn't be possible to get there with a non-NULL
value in idmap->idmap_key_cons, but
those clearing is not required.
Signed-off-by: David Howells
cc: sparcli...@vger.kernel.org
cc: stable@vger.kernel.org
---
arch/sparc/Kconfig |3 +++
arch/sparc/kernel/systbls_64.S |2 +-
2 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/arch/sparc/Kconfig b/arch
't
> matter, exit_creds() won't be called.
>
> Cc:
> Signed-off-by: Oleg Nesterov
Acked-by: David Howells
Can you push these to Linus in this merge window, please?
David
Don't clear vm_mm in a deleted VMA as it's unnecessary and might conceivably
break the filesystem or driver VMA close routine.
Reported-by: Al Viro
Signed-off-by: David Howells
Acked-by: Al Viro
cc: stable@vger.kernel.org
---
mm/nommu.c |2 --
1 files changed, 0 insert
Lock i_mmap_mutex for access to the VMA prio list to prevent concurrent access.
Currently, certain parts of the mmap handling are protected by the region
mutex, but not all.
Reported-by: Al Viro
Signed-off-by: David Howells
Acked-by: Al Viro
cc: stable@vger.kernel.org
---
mm/nommu.c |7
Christian Borntraeger wrote:
> Do you want to push this change via Martin's s390 tree or via other
> trees?
I've no objection to it going via Martin's tree. It's really an S390 fix
rather than a keyrings/security fix.
David
d the s390 Kconfig doesn't enable it.
Without this patch, 32-bit calls to the keyctl() syscall are given an ENOSYS
error:
[root@devel4 ~]# keyctl show
Session Keyring
-3: key inaccessible (Function not implemented)
Signed-off-by: David Howells
Acked-by: d...@d