diff options
author | Josh Boyer <jwboyer@redhat.com> | 2012-10-02 09:56:09 -0400 |
---|---|---|
committer | Josh Boyer <jwboyer@redhat.com> | 2012-10-02 09:59:19 -0400 |
commit | 20accb4a0e7141e08887fdf389135cf7b0d8cdf7 (patch) | |
tree | 221a30c795f561daf6af9dfb6f41a06746f3b6d3 /modsign-post-KS-jwb.patch | |
parent | 386d01e31aa3706035aaf43037d14154009df22a (diff) | |
download | kernel-20accb4a0e7141e08887fdf389135cf7b0d8cdf7.tar.gz kernel-20accb4a0e7141e08887fdf389135cf7b0d8cdf7.tar.xz kernel-20accb4a0e7141e08887fdf389135cf7b0d8cdf7.zip |
Patch from David Howells to fix overflow on 32-bit X.509 certs (rhbz 861322)
Diffstat (limited to 'modsign-post-KS-jwb.patch')
-rw-r--r-- | modsign-post-KS-jwb.patch | 174 |
1 files changed, 174 insertions, 0 deletions
diff --git a/modsign-post-KS-jwb.patch b/modsign-post-KS-jwb.patch index 6dd81ffa0..ec61f3472 100644 --- a/modsign-post-KS-jwb.patch +++ b/modsign-post-KS-jwb.patch @@ -9151,3 +9151,177 @@ index 83eb505..2beea56 100644 -- 1.7.11.4 +The current choice of lifetime for the autogenerated X.509 of 100 years, +putting the validTo date in 2112, causes problems on 32-bit systems where a +32-bit time_t wraps in 2106. 64-bit x86_64 systems seem to be unaffected. + +This can result in something like: + + Loading module verification certificates + X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 has expired + MODSIGN: Problem loading in-kernel X.509 certificate (-127) + +Or: + + X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 is not yet valid + MODSIGN: Problem loading in-kernel X.509 certificate (-129) + +Instead of turning the dates into time_t values and comparing, turn the system +clock and the ASN.1 dates into tm structs and compare those piecemeal instead. + +Reported-by: Rusty Russell <rusty@rustcorp.com.au> +Signed-off-by: David Howells <dhowells@redhat.com> +--- + + crypto/asymmetric_keys/x509_cert_parser.c | 25 ++++++++--------- + crypto/asymmetric_keys/x509_parser.h | 4 +-- + crypto/asymmetric_keys/x509_public_key.c | 42 ++++++++++++++++++++++++++--- + 3 files changed, 51 insertions(+), 20 deletions(-) + + +diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c +index 8fcac94..db07e8c 100644 +--- a/crypto/asymmetric_keys/x509_cert_parser.c ++++ b/crypto/asymmetric_keys/x509_cert_parser.c +@@ -434,11 +434,10 @@ int x509_process_extension(void *context, size_t hdrlen, + /* + * Record a certificate time. + */ +-static int x509_note_time(time_t *_time, size_t hdrlen, ++static int x509_note_time(struct tm *tm, size_t hdrlen, + unsigned char tag, + const unsigned char *value, size_t vlen) + { +- unsigned YY, MM, DD, hh, mm, ss; + const unsigned char *p = value; + + #define dec2bin(X) ((X) - '0') +@@ -448,30 +447,30 @@ static int x509_note_time(time_t *_time, size_t hdrlen, + /* UTCTime: YYMMDDHHMMSSZ */ + if (vlen != 13) + goto unsupported_time; +- YY = DD2bin(p); +- if (YY > 50) +- YY += 1900; ++ tm->tm_year = DD2bin(p); ++ if (tm->tm_year >= 50) ++ tm->tm_year += 1900; + else +- YY += 2000; ++ tm->tm_year += 2000; + } else if (tag == ASN1_GENTIM) { + /* GenTime: YYYYMMDDHHMMSSZ */ + if (vlen != 15) + goto unsupported_time; +- YY = DD2bin(p) * 100 + DD2bin(p); ++ tm->tm_year = DD2bin(p) * 100 + DD2bin(p); + } else { + goto unsupported_time; + } + +- MM = DD2bin(p); +- DD = DD2bin(p); +- hh = DD2bin(p); +- mm = DD2bin(p); +- ss = DD2bin(p); ++ tm->tm_year -= 1900; ++ tm->tm_mon = DD2bin(p) - 1; ++ tm->tm_mday = DD2bin(p); ++ tm->tm_hour = DD2bin(p); ++ tm->tm_min = DD2bin(p); ++ tm->tm_sec = DD2bin(p); + + if (*p != 'Z') + goto unsupported_time; + +- *_time = mktime(YY, MM, DD, hh, mm, ss); + return 0; + + unsupported_time: +diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h +index 635053f..f86dc5f 100644 +--- a/crypto/asymmetric_keys/x509_parser.h ++++ b/crypto/asymmetric_keys/x509_parser.h +@@ -18,8 +18,8 @@ struct x509_certificate { + char *subject; /* Name of certificate subject */ + char *fingerprint; /* Key fingerprint as hex */ + char *authority; /* Authority key fingerprint as hex */ +- time_t valid_from; +- time_t valid_to; ++ struct tm valid_from; ++ struct tm valid_to; + enum pkey_algo pkey_algo : 8; /* Public key algorithm */ + enum pkey_algo sig_pkey_algo : 8; /* Signature public key algorithm */ + enum pkey_hash_algo sig_hash_algo : 8; /* Signature hash algorithm */ +diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c +index 716917c..5ab736d 100644 +--- a/crypto/asymmetric_keys/x509_public_key.c ++++ b/crypto/asymmetric_keys/x509_public_key.c +@@ -106,7 +106,7 @@ error_no_sig: + static int x509_key_preparse(struct key_preparsed_payload *prep) + { + struct x509_certificate *cert; +- time_t now; ++ struct tm now; + size_t srlen, sulen; + char *desc = NULL; + int ret; +@@ -118,7 +118,14 @@ static int x509_key_preparse(struct key_preparsed_payload *prep) + pr_devel("Cert Issuer: %s\n", cert->issuer); + pr_devel("Cert Subject: %s\n", cert->subject); + pr_devel("Cert Key Algo: %s\n", pkey_algo[cert->pkey_algo]); +- pr_devel("Cert Valid: %lu - %lu\n", cert->valid_from, cert->valid_to); ++ printk("Cert Valid From: %04ld-%02d-%02d %02d:%02d:%02d\n", ++ cert->valid_from.tm_year + 1900, cert->valid_from.tm_mon + 1, ++ cert->valid_from.tm_mday, cert->valid_from.tm_hour, ++ cert->valid_from.tm_min, cert->valid_from.tm_sec); ++ printk("Cert Valid To: %04ld-%02d-%02d %02d:%02d:%02d\n", ++ cert->valid_to.tm_year + 1900, cert->valid_to.tm_mon + 1, ++ cert->valid_to.tm_mday, cert->valid_to.tm_hour, ++ cert->valid_to.tm_min, cert->valid_to.tm_sec); + pr_devel("Cert Signature: %s + %s\n", + pkey_algo[cert->sig_pkey_algo], + pkey_hash_algo[cert->sig_hash_algo]); +@@ -130,13 +137,38 @@ static int x509_key_preparse(struct key_preparsed_payload *prep) + goto error_free_cert; + } + +- now = CURRENT_TIME.tv_sec; +- if (now < cert->valid_from) { ++ time_to_tm(CURRENT_TIME.tv_sec, 0, &now); ++ printk("Now: %04ld-%02d-%02d %02d:%02d:%02d\n", ++ now.tm_year + 1900, now.tm_mon + 1, now.tm_mday, ++ now.tm_hour, now.tm_min, now.tm_sec); ++ if (now.tm_year < cert->valid_from.tm_year || ++ (now.tm_year == cert->valid_from.tm_year && ++ (now.tm_mon < cert->valid_from.tm_mon || ++ (now.tm_mon == cert->valid_from.tm_mon && ++ (now.tm_mday < cert->valid_from.tm_mday || ++ (now.tm_mday == cert->valid_from.tm_mday && ++ (now.tm_hour < cert->valid_from.tm_hour || ++ (now.tm_hour == cert->valid_from.tm_hour && ++ (now.tm_min < cert->valid_from.tm_min || ++ (now.tm_min == cert->valid_from.tm_min && ++ (now.tm_sec < cert->valid_from.tm_sec ++ ))))))))))) { + pr_warn("Cert %s is not yet valid\n", cert->fingerprint); + ret = -EKEYREJECTED; + goto error_free_cert; + } +- if (now >= cert->valid_to) { ++ if (now.tm_year > cert->valid_to.tm_year || ++ (now.tm_year == cert->valid_to.tm_year && ++ (now.tm_mon > cert->valid_to.tm_mon || ++ (now.tm_mon == cert->valid_to.tm_mon && ++ (now.tm_mday > cert->valid_to.tm_mday || ++ (now.tm_mday == cert->valid_to.tm_mday && ++ (now.tm_hour > cert->valid_to.tm_hour || ++ (now.tm_hour == cert->valid_to.tm_hour && ++ (now.tm_min > cert->valid_to.tm_min || ++ (now.tm_min == cert->valid_to.tm_min && ++ (now.tm_sec > cert->valid_to.tm_sec ++ ))))))))))) { + pr_warn("Cert %s has expired\n", cert->fingerprint); + ret = -EKEYEXPIRED; + goto error_free_cert; + |