<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-dev/net/rxrpc/key.c, branch linus/master</title>
<subtitle>Linux kernel development work - see feature branches</subtitle>
<id>https://git.zx2c4.com/linux-dev/atom/net/rxrpc/key.c?h=linus%2Fmaster</id>
<link rel='self' href='https://git.zx2c4.com/linux-dev/atom/net/rxrpc/key.c?h=linus%2Fmaster'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/'/>
<updated>2021-01-13T18:38:00Z</updated>
<entry>
<title>rxrpc: Fix handling of an unsupported token type in rxrpc_read()</title>
<updated>2021-01-13T18:38:00Z</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2021-01-12T15:23:51Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=d52e419ac8b50c8bef41b398ed13528e75d7ad48'/>
<id>urn:sha1:d52e419ac8b50c8bef41b398ed13528e75d7ad48</id>
<content type='text'>
Clang static analysis reports the following:

net/rxrpc/key.c:657:11: warning: Assigned value is garbage or undefined
                toksize = toksizes[tok++];
                        ^ ~~~~~~~~~~~~~~~

rxrpc_read() contains two consecutive loops.  The first loop calculates the
token sizes and stores the results in toksizes[] and the second one uses
the array.  When there is an error in identifying the token in the first
loop, the token is skipped and no change is made to the toksizes[] array.
When the same error happens in the second loop, the token is not skipped.
This will cause the toksizes[] array to be out of step and will overrun
past the calculated sizes.

Fix this by making both loops log a message and return an error in this
case.  This should only happen if a new token type is incompletely
implemented, so it should normally be impossible to trigger this.

Fixes: 9a059cd5ca7d ("rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read()")
Reported-by: Tom Rix &lt;trix@redhat.com&gt;
Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Reviewed-by: Tom Rix &lt;trix@redhat.com&gt;
Link: https://lore.kernel.org/r/161046503122.2445787.16714129930607546635.stgit@warthog.procyon.org.uk
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>rxrpc: Fix example key name in a comment</title>
<updated>2020-11-23T18:09:30Z</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2020-10-15T14:47:45Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=177b8989661bf7f90851c7ab3dc174b1aa117989'/>
<id>urn:sha1:177b8989661bf7f90851c7ab3dc174b1aa117989</id>
<content type='text'>
Fix an example of an rxrpc key name in a comment.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
</content>
</entry>
<entry>
<title>rxrpc: Ignore unknown tokens in key payload unless no known tokens</title>
<updated>2020-11-23T18:09:30Z</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2020-10-15T14:59:36Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=9a0e6464f45b056163e6f04b14df44b15f02ed3a'/>
<id>urn:sha1:9a0e6464f45b056163e6f04b14df44b15f02ed3a</id>
<content type='text'>
When parsing a payload for an rxrpc-type key, ignore any tokens that are
not of a known type and don't give an error for them - unless there are no
tokens of a known type.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
</content>
</entry>
<entry>
<title>rxrpc: Make the parsing of xdr payloads more coherent</title>
<updated>2020-11-23T18:09:30Z</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2020-09-27T10:17:03Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=4c20c33340269e2924d2040a5f1ca2571fd8b258'/>
<id>urn:sha1:4c20c33340269e2924d2040a5f1ca2571fd8b258</id>
<content type='text'>
Make the parsing of xdr-encoded payloads, as passed to add_key, more
coherent.  Shuttling back and forth between various variables was a bit
hard to follow.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
</content>
</entry>
<entry>
<title>rxrpc: Don't leak the service-side session key to userspace</title>
<updated>2020-11-23T18:09:29Z</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2020-09-27T10:07:21Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=d2ae4e918218f543214fbd906db68a6c580efbbb'/>
<id>urn:sha1:d2ae4e918218f543214fbd906db68a6c580efbbb</id>
<content type='text'>
Don't let someone reading a service-side rxrpc-type key get access to the
session key that was exchanged with the client.  The server application
will, at some point, need to be able to read the information in the ticket,
but this probably shouldn't include the key material.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
</content>
</entry>
<entry>
<title>rxrpc: Split the server key type (rxrpc_s) into its own file</title>
<updated>2020-11-23T18:09:29Z</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2020-09-16T07:25:08Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=ca7fb10059a5755908d46db81d1f3738cd26aa9f'/>
<id>urn:sha1:ca7fb10059a5755908d46db81d1f3738cd26aa9f</id>
<content type='text'>
Split the server private key type (rxrpc_s) out into its own file rather
than mingling it with the authentication/client key type (rxrpc) since they
don't really bear any relation.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
</content>
</entry>
<entry>
<title>rxrpc: List the held token types in the key description in /proc/keys</title>
<updated>2020-11-23T18:09:29Z</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2020-09-08T21:30:52Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=0727d3ec38074d0cef3fbef1d64f2d0a92ace046'/>
<id>urn:sha1:0727d3ec38074d0cef3fbef1d64f2d0a92ace046</id>
<content type='text'>
When viewing an rxrpc-type key through /proc/keys, display a list of held
token types.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
</content>
</entry>
<entry>
<title>rxrpc: Remove the rxk5 security class as it's now defunct</title>
<updated>2020-11-23T18:09:29Z</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2020-09-03T07:21:58Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=8a5dc321158fb3032cf990deb7473e22826e7346'/>
<id>urn:sha1:8a5dc321158fb3032cf990deb7473e22826e7346</id>
<content type='text'>
Remove the rxrpc rxk5 security class as it's now defunct and nothing uses
it anymore.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
</content>
</entry>
<entry>
<title>rxrpc: Fix server keyring leak</title>
<updated>2020-10-05T16:09:22Z</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2020-10-02T13:04:51Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=38b1dc47a35ba14c3f4472138ea56d014c2d609b'/>
<id>urn:sha1:38b1dc47a35ba14c3f4472138ea56d014c2d609b</id>
<content type='text'>
If someone calls setsockopt() twice to set a server key keyring, the first
keyring is leaked.

Fix it to return an error instead if the server key keyring is already set.

Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both")
Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
</content>
</entry>
<entry>
<title>rxrpc: The server keyring isn't network-namespaced</title>
<updated>2020-10-05T15:36:06Z</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2020-09-30T18:52:08Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-dev/commit/?id=fea99111244bae44e7d82a973744d27ea1567814'/>
<id>urn:sha1:fea99111244bae44e7d82a973744d27ea1567814</id>
<content type='text'>
The keyring containing the server's tokens isn't network-namespaced, so it
shouldn't be looked up with a network namespace.  It is expected to be
owned specifically by the server, so namespacing is unnecessary.

Fixes: a58946c158a0 ("keys: Pass the network namespace into request_key mechanism")
Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
</content>
</entry>
</feed>
