github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-12 08:08:03 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
linux/crypto/asymmetric_keys
History
Lukas Wunner d702c34082 X.509: Fix out-of-bounds access when parsing extensions 
Leo reports an out-of-bounds access when parsing a certificate with
empty Basic Constraints or Key Usage extension because the first byte of
the extension is read before checking its length.  Fix it.

The bug can be triggered by an unprivileged user by submitting a
specially crafted certificate to the kernel through the keyrings(7) API.
Leo has demonstrated this with a proof-of-concept program responsibly
disclosed off-list.

Fixes: 30eae2b037 ("KEYS: X.509: Parse Basic Constraints for CA")
Fixes: 567671281a ("KEYS: X.509: Parse Key Usage")
Reported-by: Leo Lin <leo@depthfirst.com> # off-list
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Reviewed-by: Ignat Korchagin <ignat@linux.win>
Cc: stable@vger.kernel.org # v6.4+
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2026-04-12 13:38:19 +08:00
..
asymmetric_keys.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
asymmetric_type.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
Kconfig x509: select CONFIG_CRYPTO_LIB_SHA256 2026-02-22 12:09:23 -08:00
Makefile certs: Add ECDSA signature verification self-test 2024-05-14 05:01:04 +03:00
mscode_parser.c Revert "crypto: pkcs7 - remove sha1 support" 2024-03-22 19:42:20 +08:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
pkcs7_key_type.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
pkcs7_parser.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
pkcs7_parser.h pkcs7: Allow authenticatedAttributes for ML-DSA 2026-02-02 16:58:21 +00:00
pkcs7_trust.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
pkcs7_verify.c pkcs7: Change a pr_warn() to pr_warn_once() 2026-02-05 15:44:00 +00:00
pkcs7.asn1 treewide: Add SPDX identifier to IETF ASN.1 modules 2023-10-27 18:04:28 +08:00
pkcs8_parser.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
pkcs8.asn1 treewide: Add SPDX identifier to IETF ASN.1 modules 2023-10-27 18:04:28 +08:00
public_key.c pkcs7, x509: Add ML-DSA support 2026-01-30 11:34:34 +00:00
restrict.c KEYS: Avoid -Wflex-array-member-not-at-end warning 2025-11-22 10:04:50 +08:00
selftest_ecdsa.c certs: Add ECDSA signature verification self-test 2024-05-14 05:01:04 +03:00
selftest_rsa.c certs: Move RSA self-test data to separate file 2024-05-14 05:01:03 +03:00
selftest.c certs: Add ECDSA signature verification self-test 2024-05-14 05:01:04 +03:00
selftest.h certs: Add ECDSA signature verification self-test 2024-05-14 05:01:04 +03:00
signature.c pkcs7: Allow the signing algo to do whatever digestion it wants itself 2026-01-30 11:33:19 +00:00
verify_pefile.c include: pe.h: Fix PE definitions 2025-05-21 16:46:37 +02:00
verify_pefile.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
x509_akid.asn1 treewide: Add SPDX identifier to IETF ASN.1 modules 2023-10-27 18:04:28 +08:00
x509_cert_parser.c X.509: Fix out-of-bounds access when parsing extensions 2026-04-12 13:38:19 +08:00
x509_loader.c wifi: cfg80211: Deduplicate certificate loading 2023-01-19 14:46:45 +01:00
x509_parser.h x509: Separately calculate sha256 for blacklist 2026-01-30 11:32:23 +00:00
x509_public_key.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
x509.asn1 treewide: Add SPDX identifier to IETF ASN.1 modules 2023-10-27 18:04:28 +08:00