From 5336a1d1c0815da3e3b9e57f2ca9d04de3bc65dc Mon Sep 17 00:00:00 2001 From: Michal Suchanek Date: Thu, 8 Mar 2018 18:30:46 +0100 Subject: [PATCH] libkmod-signature: Fix crash when module signature is not present. Signed-off-by: Michal Suchanek --- libkmod/libkmod-internal.h | 2 +- libkmod/libkmod-module.c | 21 +++++++++--------- libkmod/libkmod-signature.c | 53 +++++++++++++++++++++++++-------------------- 3 files changed, 42 insertions(+), 34 deletions(-) diff --git a/libkmod/libkmod-internal.h b/libkmod/libkmod-internal.h index 2ad74c7a33a5..8bc9ecfb906e 100644 --- a/libkmod/libkmod-internal.h +++ b/libkmod/libkmod-internal.h @@ -192,5 +192,5 @@ struct kmod_signature_info { void (*free)(void *); void *private; }; -bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info) _must_check_ __attribute__((nonnull(1, 2))); +struct kmod_signature_info *kmod_module_signature_info(const struct kmod_file *file) _must_check_ __attribute__((nonnull(1))); void kmod_module_signature_info_free(struct kmod_signature_info *sig_info) __attribute__((nonnull)); diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c index 7b00d526edec..cbe35819932e 100644 --- a/libkmod/libkmod-module.c +++ b/libkmod/libkmod-module.c @@ -2304,7 +2304,7 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_ struct kmod_elf *elf; char **strings; int i, count, ret = -ENOMEM; - struct kmod_signature_info sig_info; + struct kmod_signature_info *sig_info = NULL; if (mod == NULL || list == NULL) return -ENOENT; @@ -2341,32 +2341,32 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_ goto list_error; } - if (kmod_module_signature_info(mod->file, &sig_info)) { + if (sig_info = kmod_module_signature_info(mod->file)) { struct kmod_list *n; n = kmod_module_info_append(list, "sig_id", strlen("sig_id"), - sig_info.id_type, strlen(sig_info.id_type)); + sig_info->id_type, strlen(sig_info->id_type)); if (n == NULL) goto list_error; count++; n = kmod_module_info_append(list, "signer", strlen("signer"), - sig_info.signer, sig_info.signer_len); + sig_info->signer, sig_info->signer_len); if (n == NULL) goto list_error; count++; n = kmod_module_info_append_hex(list, "sig_key", strlen("sig_key"), - sig_info.key_id, - sig_info.key_id_len); + sig_info->key_id, + sig_info->key_id_len); if (n == NULL) goto list_error; count++; n = kmod_module_info_append(list, "sig_hashalgo", strlen("sig_hashalgo"), - sig_info.hash_algo, strlen(sig_info.hash_algo)); + sig_info->hash_algo, strlen(sig_info->hash_algo)); if (n == NULL) goto list_error; count++; @@ -2377,8 +2377,8 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_ */ n = kmod_module_info_append_hex(list, "signature", strlen("signature"), - sig_info.sig, - sig_info.sig_len); + sig_info->sig, + sig_info->sig_len); if (n == NULL) goto list_error; @@ -2389,7 +2389,8 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_ list_error: /* aux structures freed in normal case also */ - kmod_module_signature_info_free(&sig_info); + if (sig_info) + kmod_module_signature_info_free(sig_info); if (ret < 0) { kmod_module_info_free_list(*list); diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c index bdf84cb14718..fae074e6dd1d 100644 --- a/libkmod/libkmod-signature.c +++ b/libkmod/libkmod-signature.c @@ -93,13 +93,17 @@ struct module_signature { uint32_t sig_len; /* Length of signature data (big endian) */ }; -static bool +static struct kmod_signature_info * kmod_module_signature_info_default(const char *mem, off_t size, const struct module_signature *modsig, - size_t sig_len, - struct kmod_signature_info *sig_info) + size_t sig_len) { + struct kmod_signature_info *sig_info = malloc(sizeof *sig_info); + + if (!sig_info) + return NULL; + size -= sig_len; sig_info->sig = mem + size; sig_info->sig_len = sig_len; @@ -119,7 +123,7 @@ kmod_module_signature_info_default(const char *mem, sig_info->free = NULL; sig_info->private = NULL; - return true; + return sig_info; } static void kmod_module_signature_info_pkcs7_free(void *s) @@ -129,13 +133,13 @@ static void kmod_module_signature_info_pkcs7_free(void *s) pkcs7_free_cert(si->private); } -static bool +static struct kmod_signature_info * kmod_module_signature_info_pkcs7(const char *mem, off_t size, const struct module_signature *modsig, - size_t sig_len, - struct kmod_signature_info *sig_info) + size_t sig_len) { + struct kmod_signature_info *sig_info = NULL; const char *pkcs7_raw; struct pkcs7_cert *cert; @@ -144,7 +148,13 @@ kmod_module_signature_info_pkcs7(const char *mem, cert = pkcs7_parse_cert(pkcs7_raw, sig_len); if (cert == NULL) - return false; + return NULL; + + sig_info = malloc(sizeof *sig_info); + if (!sig_info) { + free(cert); + return NULL; + } sig_info->private = cert; sig_info->free = kmod_module_signature_info_pkcs7_free; @@ -162,7 +172,7 @@ kmod_module_signature_info_pkcs7(const char *mem, sig_info->hash_algo = cert->hash_algo; sig_info->id_type = pkey_id_type[modsig->id_type]; - return true; + return sig_info; } #define SIG_MAGIC "~Module signature appended~\n" @@ -178,48 +188,45 @@ kmod_module_signature_info_pkcs7(const char *mem, * [ SIG_MAGIC ] */ -bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info) +struct kmod_signature_info *kmod_module_signature_info(const struct kmod_file *file) { const char *mem; off_t size; const struct module_signature *modsig; size_t sig_len; - bool ret; size = kmod_file_get_size(file); mem = kmod_file_get_contents(file); if (size < (off_t)strlen(SIG_MAGIC)) - return false; + return NULL; size -= strlen(SIG_MAGIC); if (memcmp(SIG_MAGIC, mem + size, strlen(SIG_MAGIC)) != 0) - return false; + return NULL; if (size < (off_t)sizeof(struct module_signature)) - return false; + return NULL; size -= sizeof(struct module_signature); modsig = (struct module_signature *)(mem + size); if (modsig->algo >= PKEY_ALGO__LAST || modsig->hash >= PKEY_HASH__LAST || modsig->id_type >= PKEY_ID_TYPE__LAST) - return false; + return NULL; sig_len = be32toh(get_unaligned(&modsig->sig_len)); if (sig_len == 0 || size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len)) - return false; + return NULL; if (modsig->id_type == PKEY_ID_PKCS7) - ret = kmod_module_signature_info_pkcs7(mem, size, - modsig, sig_len, - sig_info); + return kmod_module_signature_info_pkcs7(mem, size, + modsig, sig_len); else - ret = kmod_module_signature_info_default(mem, size, - modsig, sig_len, - sig_info); - return ret; + return kmod_module_signature_info_default(mem, size, + modsig, sig_len); } void kmod_module_signature_info_free(struct kmod_signature_info *sig_info) { if (sig_info->free) sig_info->free(sig_info); + free(sig_info); } -- 2.13.6