s390-tools/s390-tools-sles15sp2-zkey-Fix-display-of-XTS-attribute-for-validate-comma.patch
Mark Post 9d48c28fee Accepting request 777411 from home:markkp:branches:Base:System
- Added s390-tools-sles15sp2-zkey-Fix-display-of-XTS-attribute-for-validate-comma.patch
  (bsc#1163002).
- Added s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-CCA-AESCIPHER.patch
  (bsc#1163570).
- Re-categorized s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
  from an IBM patch to a SUSE-maintained patch. (bsc#1162840)
- sign the stage3.bin bootloader stage (bsc#1163524)
- Added s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch
  (bsc#1160373).
- Added s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
  (bsc#1162840).
- Added s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch
  (bsc#1162996).
- Added s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch
  (bsc#1163003).

OBS-URL: https://build.opensuse.org/request/show/777411
OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=88
2020-02-19 19:16:44 +00:00


Subject: [PATCH] [BZ 183669] zkey: Fix display of XTS attribute for validate command
From: Ingo Franzki <ifranzki@linux.ibm.com>
Description: zkey: Fix display of XTS attribute for validate command
Symptom: The 'zkey validate' command shows an invalid value for
the XTS attribute.
Problem: Due to a use after free of the secure key, the XTS attribute
is not determined correctly, and is displayed incorrectly.
Function is_xts_key() is called with a secure key that has
already been freed and thus most likely returns false.
This bug has been introduced with feature SEC1717 "Cipher
key support" with commit 298fab68fee8 "zkey: Preparations for
introducing a new key type"
Solution: Free the secure key only after the last use.
Reproduction: Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER
and then run 'zkey validate'.
Upstream-ID: f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23
Problem-ID: 183669
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
zkey/keystore.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/zkey/keystore.c
+++ b/zkey/keystore.c
@@ -2516,7 +2516,7 @@ static int _keystore_process_validate(st
size_t clear_key_bitsize;
size_t secure_key_size;
char *apqns = NULL;
- u8 *secure_key;
+ u8 *secure_key = NULL;
int is_old_mk;
int rc, valid;
u64 mkvp;
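Review bot: the `= NULL` initializer on `secure_key` is load-bearing rather than cosmetic, because the `out:` label now frees this pointer and any `goto out` taken before the key is assigned would otherwise pass an indeterminate value to `free()`. Consider stating that dependency in the commit description, or in a short comment at the declaration, so a later cleanup does not drop the initializer as redundant.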
@@ -2550,8 +2550,7 @@ static int _keystore_process_validate(st
rc = get_master_key_verification_pattern(secure_key, secure_key_size,
&mkvp, keystore->verbose);
- free(secure_key);
- if (rc)
+ if (rc != 0)
goto out;
_keystore_print_record(info->rec, name, properties, 1,
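Review bot: with `free(secure_key)` removed after `get_master_key_verification_pattern()`, the buffer is released only if every exit from this point onward goes through `out:`; the visible context shows the `goto out` on error but not the remainder of the function, so check that no direct `return` sits between here and the label, or the key leaks. The switch from `if (rc)` to `if (rc != 0)` is a style change unrelated to the use after free and would be easier to review or backport as a separate change.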
@@ -2577,6 +2576,8 @@ static int _keystore_process_validate(st
info->num_warnings++;
out:
+ if (secure_key != NULL)
+ free(secure_key);
if (apqns != NULL)
free(apqns);
if (apqn_list != NULL)
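Review bot: the `if (secure_key != NULL)` guard in front of `free(secure_key)` at `out:` is redundant, since `free(NULL)` is defined as a no-op in C, though it matches the neighbouring `apqns` and `apqn_list` cleanup and can stay for consistency. The hunk context does not show the `is_xts_key()` call named in the description, so confirm it sits above `out:` and that nothing between the allocation and this label frees or reassigns `secure_key`, otherwise this becomes a double free.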