[PATCH 0/3] KEYS: Miscellaneous fixes

From: David Howells
Date: Sun Jul 17 2016 - 19:10:39 EST

Next message: David Howells: "[PATCH 1/3] PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined"
Previous message: Waiman Long: "Re: [PATCH v2 2/5] locking/pvqspinlock: Fix missed PV wakeup problem"
Next in thread: David Howells: "[PATCH 1/3] PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi James,

Here are three miscellaneous fixes:

(1) Fix a panic in some debugging code in PKCS#7. This can only happen by
explicitly inserting a #define DEBUG into the code.

(2) Fix the calculation of the digest length in the PE file parser. This
causes a failure where there should be a success.

(3) Fix the case where an X.509 cert can be added as an asymmetric key to
a trusted keyring with no trust restriction if no AKID is supplied.

Bugs (1) and (2) aren't particularly problematic, but (3) allows a security
check to be bypassed. Bug (3) is added since the 4.6 kernel.

The patches can be found here also:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes

at tag:

keys-fixes-20160718

David
---
Lans Zhang (2):
PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined
pefile: Fix the failure of calculation for digest

Mat Martineau (1):
KEYS: Fix for erroneous trust of incorrectly signed X.509 certs

crypto/asymmetric_keys/mscode_parser.c | 7 ++++++-
crypto/asymmetric_keys/pkcs7_verify.c | 2 +-
crypto/asymmetric_keys/restrict.c | 2 +-
3 files changed, 8 insertions(+), 3 deletions(-)

Next message: David Howells: "[PATCH 1/3] PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined"
Previous message: Waiman Long: "Re: [PATCH v2 2/5] locking/pvqspinlock: Fix missed PV wakeup problem"
Next in thread: David Howells: "[PATCH 1/3] PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]