From patchwork Tue Sep 5 08:31:29 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kleber Sacilotto de Souza X-Patchwork-Id: 809994 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id 3xmg1C1dpNz9sP3; Tue, 5 Sep 2017 18:31:43 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1dp9Gh-00048p-P4; Tue, 05 Sep 2017 08:31:35 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1dp9Gg-00048V-7c for kernel-team@lists.ubuntu.com; Tue, 05 Sep 2017 08:31:34 +0000 Received: from mail-wm0-f71.google.com ([74.125.82.71]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1dp9Gg-0000mB-09 for kernel-team@lists.ubuntu.com; Tue, 05 Sep 2017 08:31:34 +0000 Received: by mail-wm0-f71.google.com with SMTP id p17so3199819wmd.3 for ; Tue, 05 Sep 2017 01:31:33 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=NHTvxKXoWB3GE79rF6YWC5ZE343Oq6k+7sCjCFBNAOU=; b=nJ7Obh2X8+lKzALciRz7VejN/HOe9KLNivq/Tw22AoO3l2ZEgX2H4gHerPKl5dJkXt Ru/qVmcUB7fvEdl8ru32uR+ZG5Rp6+/EKup6NuRPa+ll/JKXUUFpNcD97c2oFYUBnwtM q6uv/Vl6goHYCfojV6aKaXBKL5eh+OAmyLzIsmWCmkQQmHAgHPRCOEF85aNlQnaYEirR rvJA5CEpEywBJMZd55uC59iAo1Xeu0jVveShynsp7vfa4q7vX99AeDA6vibBaNyyVoIR zShYC7RKqN7ER/mYz7i/zanCGUeXmkGOAd+wzFTUcrUuf6p0cBwxHv0j5Iix4u6ZR6JO iJSw== X-Gm-Message-State: AHPjjUgeTpmLspQHgzCIn0CUXNmmYRVQ38/JQQPqkFGaYgst5L5RCwQF ACZxQEZDNzkz3ygab3GvQmkgqdqNa51URd6aU8TbIduywovXP+UFNUA4Hs4PaFmAv5bc46VZ+O4 Z6k9uE5jWpIyMGDpPqNsGbhZZgVFLx1EZ X-Received: by 10.80.225.131 with SMTP id k3mr2674538edl.218.1504600293375; Tue, 05 Sep 2017 01:31:33 -0700 (PDT) X-Google-Smtp-Source: ADKCNb7aUwx0JSlg7MYdn80vIPRBuEP4U3YUtsLsgAAErGxaOQ+lDfK3VCmJ81/RAYtlknT3CDM0Hw== X-Received: by 10.80.225.131 with SMTP id k3mr2674530edl.218.1504600293079; Tue, 05 Sep 2017 01:31:33 -0700 (PDT) Received: from localhost (ip5f5bd015.dynamic.kabel-deutschland.de. [95.91.208.21]) by smtp.gmail.com with ESMTPSA id o6sm14283edb.10.2017.09.05.01.31.32 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 05 Sep 2017 01:31:32 -0700 (PDT) From: Kleber Sacilotto de Souza To: kernel-team@lists.ubuntu.com Subject: [Trusty SRU][PATCH 1/1] mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] Date: Tue, 5 Sep 2017 10:31:29 +0200 Message-Id: <20170905083129.23453-2-kleber.souza@canonical.com> X-Mailer: git-send-email 2.14.1 In-Reply-To: <20170905083129.23453-1-kleber.souza@canonical.com> References: <20170905083129.23453-1-kleber.souza@canonical.com> X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Andrey Ryabinin This fixes CVE-2016-8650. If mpi_powm() is given a zero exponent, it wants to immediately return either 1 or 0, depending on the modulus. However, if the result was initalised with zero limb space, no limbs space is allocated and a NULL-pointer exception ensues. Fix this by allocating a minimal amount of limb space for the result when the 0-exponent case when the result is 1 and not touching the limb space when the result is 0. This affects the use of RSA keys and X.509 certificates that carry them. BUG: unable to handle kernel NULL pointer dereference at (null) IP: [] mpi_powm+0x32/0x7e6 PGD 0 Oops: 0002 [#1] SMP Modules linked in: CPU: 3 PID: 3014 Comm: keyctl Not tainted 4.9.0-rc6-fscache+ #278 Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014 task: ffff8804011944c0 task.stack: ffff880401294000 RIP: 0010:[] [] mpi_powm+0x32/0x7e6 RSP: 0018:ffff880401297ad8 EFLAGS: 00010212 RAX: 0000000000000000 RBX: ffff88040868bec0 RCX: ffff88040868bba0 RDX: ffff88040868b260 RSI: ffff88040868bec0 RDI: ffff88040868bee0 RBP: ffff880401297ba8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000047 R11: ffffffff8183b210 R12: 0000000000000000 R13: ffff8804087c7600 R14: 000000000000001f R15: ffff880401297c50 FS: 00007f7a7918c700(0000) GS:ffff88041fb80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000401250000 CR4: 00000000001406e0 Stack: ffff88040868bec0 0000000000000020 ffff880401297b00 ffffffff81376cd4 0000000000000100 ffff880401297b10 ffffffff81376d12 ffff880401297b30 ffffffff81376f37 0000000000000100 0000000000000000 ffff880401297ba8 Call Trace: [] ? __sg_page_iter_next+0x43/0x66 [] ? sg_miter_get_next_page+0x1b/0x5d [] ? sg_miter_next+0x17/0xbd [] ? mpi_read_raw_from_sgl+0xf2/0x146 [] rsa_verify+0x9d/0xee [] ? pkcs1pad_sg_set_buf+0x2e/0xbb [] pkcs1pad_verify+0xc0/0xe1 [] public_key_verify_signature+0x1b0/0x228 [] x509_check_for_self_signed+0xa1/0xc4 [] x509_cert_parse+0x167/0x1a1 [] x509_key_preparse+0x21/0x1a1 [] asymmetric_key_preparse+0x34/0x61 [] key_create_or_update+0x145/0x399 [] SyS_add_key+0x154/0x19e [] do_syscall_64+0x80/0x191 [] entry_SYSCALL64_slow_path+0x25/0x25 Code: 56 41 55 41 54 53 48 81 ec a8 00 00 00 44 8b 71 04 8b 42 04 4c 8b 67 18 45 85 f6 89 45 80 0f 84 b4 06 00 00 85 c0 75 2f 41 ff ce <49> c7 04 24 01 00 00 00 b0 01 75 0b 48 8b 41 18 48 83 38 01 0f RIP [] mpi_powm+0x32/0x7e6 RSP CR2: 0000000000000000 ---[ end trace d82015255d4a5d8d ]--- Basically, this is a backport of a libgcrypt patch: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=patch;h=6e1adb05d290aeeb1c230c763970695f4a538526 Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files (part 1)") Signed-off-by: Andrey Ryabinin Signed-off-by: David Howells cc: Dmitry Kasatkin cc: linux-ima-devel@lists.sourceforge.net cc: stable@vger.kernel.org Signed-off-by: James Morris (cherry picked from commit f5527fffff3f002b0a6b376163613b82f69de073) Signed-off-by: Kleber Sacilotto de Souza Acked-by: Colin Ian King Acked-by: Stefan Bader --- lib/mpi/mpi-pow.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/mpi/mpi-pow.c b/lib/mpi/mpi-pow.c index 5464c8744ea9..e24388a863a7 100644 --- a/lib/mpi/mpi-pow.c +++ b/lib/mpi/mpi-pow.c @@ -64,8 +64,13 @@ int mpi_powm(MPI res, MPI base, MPI exp, MPI mod) if (!esize) { /* Exponent is zero, result is 1 mod MOD, i.e., 1 or 0 * depending on if MOD equals 1. */ - rp[0] = 1; res->nlimbs = (msize == 1 && mod->d[0] == 1) ? 0 : 1; + if (res->nlimbs) { + if (mpi_resize(res, 1) < 0) + goto enomem; + rp = res->d; + rp[0] = 1; + } res->sign = 0; goto leave; }