Merge branch 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/…

…kernel/git/jmorris/linux-security Pull security subsystem fixes from James Morris: - Smack: fix a regression caused by 1bbc551 - X.509: fix a (usually un-seen) bug in RSA signature parsing * 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: X.509: unpack RSA signatureValue field from BIT STRING Smack: Mark inode instant in smack_task_to_inode
josf · Jun 26, 2018 · 8138350 · 8138350
2 parents 84bfed4 + b65c32e
commit 8138350
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -249,6 +249,15 @@ int x509_note_signature(void *context, size_t hdrlen,
 		return -EINVAL;
 	}
 
+	if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) {
+		/* Discard the BIT STRING metadata */
+		if (vlen < 1 || *(const u8 *)value != 0)
+			return -EBADMSG;
+
+		value++;
+		vlen--;
+	}
+
 	ctx->cert->raw_sig = value;
 	ctx->cert->raw_sig_size = vlen;
 	return 0;

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
@@ -2296,6 +2296,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
 	struct smack_known *skp = smk_of_task_struct(p);
 
 	isp->smk_inode = skp;
+	isp->smk_flags |= SMK_INODE_INSTANT;
 }
 
 /*
-Original file line number
+Diff line change
@@ Expand Up @@
     	struct smack_known *skp = smk_of_task_struct(p);
     	isp->smk_inode = skp;
+    	isp->smk_flags |= SMK_INODE_INSTANT;
     }
     /*
@@ Expand Down @@