linux_dsm_epyc7002

mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-03-04 13:56:32 +07:00

Go to file

Takashi Iwai afdb05e9d6 lib/oid_registry.c: X.509: fix the buffer overflow in the utility function for OID string The sprint_oid() utility function doesn't properly check the buffer size that it causes that the warning in vsnprintf() be triggered. For example on v4.1 kernel: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 2357 at lib/vsprintf.c:1867 vsnprintf+0x5a7/0x5c0() ... We can trigger this issue by injecting maliciously crafted x509 cert in DER format. Just using hex editor to change the length of OID to over the length of the SEQUENCE container. For example: 0:d=0 hl=4 l= 980 cons: SEQUENCE 4:d=1 hl=4 l= 700 cons: SEQUENCE 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 10:d=3 hl=2 l= 1 prim: INTEGER :02 13:d=2 hl=2 l= 9 prim: INTEGER :9B47FAF791E7D1E3 24:d=2 hl=2 l= 13 cons: SEQUENCE 26:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption 37:d=3 hl=2 l= 0 prim: NULL 39:d=2 hl=2 l= 121 cons: SEQUENCE 41:d=3 hl=2 l= 22 cons: SET 43:d=4 hl=2 l= 20 cons: SEQUENCE <=== the SEQ length is 20 45:d=5 hl=2 l= 3 prim: OBJECT :organizationName <=== the original length is 3, change the length of OID to over the length of SEQUENCE Pawel Wieczorkiewicz reported this problem and Takashi Iwai provided patch to fix it by checking the bufsize in sprint_oid(). Link: http://lkml.kernel.org/r/20170903021646.2080-1-jlee@suse.com Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com> Reported-by: Pawel Wieczorkiewicz <pwieczorkiewicz@suse.com> Cc: David Howells <dhowells@redhat.com> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Pawel Wieczorkiewicz <pwieczorkiewicz@suse.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>		2017-09-08 18:26:49 -07:00
arch	arch/microblaze: add choice for endianness and update Makefile	2017-09-08 18:26:48 -07:00
block	block/cfq: cache rightmost rb_node	2017-09-08 18:26:49 -07:00
certs
crypto
Documentation	rbtree: cache leftmost node internally	2017-09-08 18:26:48 -07:00
drivers	lib/interval_tree: fast overlap detection	2017-09-08 18:26:49 -07:00
firmware
fs	fs/epoll: use faster rb_first_cached()	2017-09-08 18:26:49 -07:00
include	lib/rhashtable: fix comment on locks_mul default value	2017-09-08 18:26:49 -07:00
init
ipc
kernel	locking/rtmutex: replace top-waiter and pi_waiters leftmost caching	2017-09-08 18:26:49 -07:00
lib	lib/oid_registry.c: X.509: fix the buffer overflow in the utility function for OID string	2017-09-08 18:26:49 -07:00
mm	mem/memcg: cache rightmost node	2017-09-08 18:26:49 -07:00
net
samples
scripts
security
sound	linux/kernel.h: move DIV_ROUND_DOWN_ULL() macro	2017-09-08 18:26:47 -07:00
tools	tools/testing/selftests/kcmp/kcmp_test.c: add KCMP_EPOLL_TFD testing	2017-09-08 18:26:47 -07:00
usr
virt
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS	hmm: heterogeneous memory management documentation	2017-09-08 18:26:45 -07:00
Makefile
README

README

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.