[RFC PATCH 2/2] dm-crypt: Use any key type which is registered
James Bottomley
James.Bottomley at HansenPartnership.com
Sat Jan 18 17:55:26 UTC 2020
On Fri, 2019-03-01 at 17:09 +0100, Franck LENORMAND wrote:
> @@ -2025,16 +2027,15 @@ static int crypt_set_keyring_key(struct
> crypt_config *cc, const char *key_string
> if (!key_desc || key_desc == key_string || !strlen(key_desc
> + 1))
> return -EINVAL;
>
> - if (strncmp(key_string, "logon:", key_desc - key_string + 1)
> &&
> - strncmp(key_string, "user:", key_desc - key_string + 1))
> - return -EINVAL;
> + type = get_key_type(key_string, key_desc - key_string);
> + if (!type)
> + return -ENOENT;
You can't do this. This check ensures that the key responds correctly
to user_key_payload_locked() lower down. To do that, the payload has
to be in a specific form. You ensured that yours are, but dm-crypt
will now accept any key type, load the user payload blindly and create
all sorts of mayhem in the kernel because of the structural differences
in payload types.
James
More information about the Linux-security-module-archive
mailing list