    KEYS: be careful with error codes in public_key_verify_signature() · 72f9a07b
    Eric Biggers authored
    In public_key_verify_signature(), if akcipher_request_alloc() fails, we
    return -ENOMEM.  But that error code was set 25 lines above, and by
    accident someone could easily insert new code in between that assigns to
    'ret', which would introduce a signature verification bypass.  Make the
    code clearer by moving the -ENOMEM down to where it is used.

    Additionally, the callers of public_key_verify_signature() only consider
    a negative return value to be an error.  This means that if any positive
    return value is accidentally introduced deeper in the call stack (e.g.
    'return EBADMSG' instead of 'return -EBADMSG' somewhere in RSA),
    signature verification will be bypassed.  Make things more robust by
    having public_key_verify_signature() warn about positive errors and
    translate them into -EINVAL.

    Signed-off-by: Eric Biggers <ebiggers@google.com>
    Signed-off-by: David Howells <dhowells@redhat.com>
public_key.c 4.39 KB
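The two hazards described in the commit message, as an added user-space illustration; this is not the contents of public_key.c or the patch itself. Every name in it (backend_verify, setup_step, verify_fragile, verify_hardened, caller_accepts, alloc_ok and the SIG_* modes) is a hypothetical stand-in.

```c
#include <errno.h>
#include <stdio.h>

enum { SIG_GOOD, SIG_BAD, SIG_BAD_SIGN_BUG };  /* constructed test modes */
/* Hypothetical lower layer; the last mode is the 'return EBADMSG' typo. */
int backend_verify(int mode)
{
    return mode == SIG_GOOD ? 0 : mode == SIG_BAD ? -EBADMSG : EBADMSG;
}
int setup_step(void) { return 0; }              /* hypothetical code inserted later */
int caller_accepts(int ret) { return ret >= 0; } /* callers treat only < 0 as error */

/* Fragile: -ENOMEM is set far from its use, positive values pass through. */
int verify_fragile(int mode, int alloc_ok)
{
    int ret = -ENOMEM;
    ret = setup_step();          /* silently overwrites -ENOMEM with 0 */
    if (!alloc_ok)
        goto out;                /* meant to fail, now returns 0 */
    ret = backend_verify(mode);
out:
    return ret;
}

/* Hardened: -ENOMEM assigned where it is used, positive errors become -EINVAL. */
int verify_hardened(int mode, int alloc_ok)
{
    int ret = setup_step();
    if (ret)
        goto out;
    ret = -ENOMEM;
    if (!alloc_ok)
        goto out;
    ret = backend_verify(mode);
out:
    if (ret > 0) {
        fprintf(stderr, "positive error %d translated to -EINVAL\n", ret);
        ret = -EINVAL;
    }
    return ret;
}

int main(void)
{
    printf("fragile:  %d %d\n", verify_fragile(SIG_BAD_SIGN_BUG, 1), verify_fragile(SIG_GOOD, 0));
    printf("hardened: %d %d\n", verify_hardened(SIG_BAD_SIGN_BUG, 1), verify_hardened(SIG_GOOD, 0));
    return 0;
}
```

In each printed pair the first value is the sign-bug case and the second is the allocation-failure case; any value that is not negative would be accepted by a caller following the convention in caller_accepts().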