Merge 3bb156a556 ("Merge tag 'fsverity-for-linus' of git://git.kernel.org/pub/scm/fs/fsverity/linux") into android-mainline
Steps on the way to 6.6-rc1 Change-Id: I5b478409bb52f4010f4ca61c3aceb025dac43837 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This commit is contained in:
@@ -226,6 +226,14 @@ void __init fsverity_check_hash_algs(void)
|
||||
if (!alg->name)
|
||||
continue;
|
||||
|
||||
/*
|
||||
* 0 must never be allocated as an FS_VERITY_HASH_ALG_* value,
|
||||
* as it is reserved for users that use 0 to mean unspecified or
|
||||
* a default value. fs/verity/ itself doesn't care and doesn't
|
||||
* have a default algorithm, but some users make use of this.
|
||||
*/
|
||||
BUG_ON(i == 0);
|
||||
|
||||
BUG_ON(alg->digest_size > FS_VERITY_MAX_DIGEST_SIZE);
|
||||
|
||||
/*
|
||||
|
||||
@@ -62,6 +62,22 @@ int fsverity_verify_signature(const struct fsverity_info *vi,
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (fsverity_keyring->keys.nr_leaves_on_tree == 0) {
|
||||
/*
|
||||
* The ".fs-verity" keyring is empty, due to builtin signatures
|
||||
* being supported by the kernel but not actually being used.
|
||||
* In this case, verify_pkcs7_signature() would always return an
|
||||
* error, usually ENOKEY. It could also be EBADMSG if the
|
||||
* PKCS#7 is malformed, but that isn't very important to
|
||||
* distinguish. So, just skip to ENOKEY to avoid the attack
|
||||
* surface of the PKCS#7 parser, which would otherwise be
|
||||
* reachable by any task able to execute FS_IOC_ENABLE_VERITY.
|
||||
*/
|
||||
fsverity_err(inode,
|
||||
"fs-verity keyring is empty, rejecting signed file!");
|
||||
return -ENOKEY;
|
||||
}
|
||||
|
||||
d = kzalloc(sizeof(*d) + hash_alg->digest_size, GFP_KERNEL);
|
||||
if (!d)
|
||||
return -ENOMEM;
|
||||
|
||||
Reference in New Issue
Block a user