From patchwork Fri Jan 22 12:24:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Zhongjun Tan X-Patchwork-Id: 369429 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E13FCC433E0 for ; Fri, 22 Jan 2021 13:17:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id AF15123428 for ; Fri, 22 Jan 2021 13:17:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727335AbhAVNRB (ORCPT ); Fri, 22 Jan 2021 08:17:01 -0500 Received: from m12-12.163.com ([220.181.12.12]:35970 "EHLO m12-12.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727301AbhAVNQ5 (ORCPT ); Fri, 22 Jan 2021 08:16:57 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=qQdgD kScP3b2//FDvOoUaLkcOuaz06wcJpQgufq/+lM=; b=VsVbO7LQD+fieTP4f9guR GkndqIqTwknDcZ0SCG0tIG1Pp9AXbKWdzgxWmqClfKAFijpRdjcxgUauZhcokBqF IoAZA24AIf2xNZxGEJ0um6XD0VxNEZw48BKT52egIOfVYvOY7WCc6nxsZ/5jPR9G DF041CLps5sntqsEAC2qc8= Received: from localhost.localdomain (unknown [119.137.55.101]) by smtp8 (Coremail) with SMTP id DMCowABHTLATxApgW3gZNQ--.48424S2; Fri, 22 Jan 2021 20:24:53 +0800 (CST) From: =?utf-8?q?=C2=A0Tan_Zhongjun?= To: tanzhongjun@yulong.com Cc: Tianjia Zhang , Tobias Markus , David Howells , =?utf-8?q?Toke_H=C3=B8iland-J?= =?utf-8?b?w7hyZ2Vuc2Vu?= , =?utf-8?q?Jo=C3=A3o_Fonseca?= , Jarkko Sakkinen , stable@vger.kernel.org, Linus Torvalds Subject: [PATCH] X.509: Fix crash caused by NULL pointer Date: Fri, 22 Jan 2021 20:24:36 +0800 Message-Id: <20210122122436.1466-1-hbut_tan@163.com> X-Mailer: git-send-email 2.30.0.windows.2 MIME-Version: 1.0 X-CM-TRANSID: DMCowABHTLATxApgW3gZNQ--.48424S2 X-Coremail-Antispam: 1Uf129KBjvJXoW7Zry7AF1fGw1fJw4UWr43trb_yoW8ArWfpa 97ur10gFy8Gr1Ik3WUJw1I9a45GFWj9F4agw4fAw1xG3ZxXw4rC3yIvFs8WFn3GryrXryF yrZFqw1xZw1DAaDanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07jhiSdUUUUU= X-Originating-IP: [119.137.55.101] X-CM-SenderInfo: xkex3sxwdqqiywtou0bp/1tbiWBUixluHvSIQQQAAs7 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Tianjia Zhang On the following call path, `sig->pkey_algo` is not assigned in asymmetric_key_verify_signature(), which causes runtime crash in public_key_verify_signature(). keyctl_pkey_verify asymmetric_key_verify_signature verify_signature public_key_verify_signature This patch simply check this situation and fixes the crash caused by NULL pointer. Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification") Reported-by: Tobias Markus Signed-off-by: Tianjia Zhang Signed-off-by: David Howells Reviewed-and-tested-by: Toke Høiland-Jørgensen Tested-by: João Fonseca Acked-by: Jarkko Sakkinen Cc: stable@vger.kernel.org # v5.10+ Signed-off-by: Linus Torvalds Signed-off-by: george.tan --- crypto/asymmetric_keys/public_key.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 8892908..788a4ba 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -356,7 +356,8 @@ int public_key_verify_signature(const struct public_key *pkey, if (ret) goto error_free_key; - if (strcmp(sig->pkey_algo, "sm2") == 0 && sig->data_size) { + if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 && + sig->data_size) { ret = cert_sig_digest_update(sig, tfm); if (ret) goto error_free_key;