From bb7b4116f8f600c269620709fa1f86c38fb829a9 Mon Sep 17 00:00:00 2001 From: Lai Hangliang Date: Sun, 26 Mar 2023 16:29:07 +0800 Subject: [PATCH] backport patches to fix crash and OOB on unknown hash signature algorithm. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reference: https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=d5950b0b5e66a5ec1c21b638dec3974056aaabeb https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=b9605c63b859adfffc0b4b9420d720aa323b90e9 close issue:https://gitee.com/src-openeuler/kmod/issues/I6MHYS?from=project-issue Signed-off-by: Hangliang Lai (cherry picked from commit 2e4ca2482b5930b45f3a4a4518647f2491357829) --- ...crash-on-unknown-signature-algorithm.patch | 40 +++++++++++++++++ ...-error-out-on-unknown-hash-algorithm.patch | 45 +++++++++++++++++++ kmod.spec | 7 ++- 3 files changed, 91 insertions(+), 1 deletion(-) create mode 100644 backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch create mode 100644 backport-libkmod-error-out-on-unknown-hash-algorithm.patch diff --git a/backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch b/backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch new file mode 100644 index 0000000..78cc8a9 --- /dev/null +++ b/backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch @@ -0,0 +1,40 @@ +From d5950b0b5e66a5ec1c21b638dec3974056aaabeb Mon Sep 17 00:00:00 2001 +From: Mikhail Novosyolov +Date: Sun, 25 Sep 2022 17:46:08 +0300 +Subject: libkmod: do not crash on unknown signature algorithm + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit?id=d5950b0b5e66a5ec1c21b638dec3974056aaabeb + +Example kernel module: +https://file-store.rosalinux.ru/download/7281f97e0c04c0f818ad3f936706f4a407e8dc7e +(/lib/modules/5.15.67-generic-1rosa2021.1-x86_64/kernel/drivers/usb/host/xhci-pci.ko.zst) +It is signed with Streebog 512. + +libkmod v30 crashed in libkmod-module.c:2413 in this code: + +n = kmod_module_info_append(list, + "sig_hashalgo", strlen("sig_hashalgo"), + sig_info.hash_algo, strlen(sig_info.hash_algo)); + +because strlen() got null. +--- + libkmod/libkmod-signature.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c +index 4ae5af6..092f396 100644 +--- a/libkmod/libkmod-signature.c ++++ b/libkmod/libkmod-signature.c +@@ -278,6 +278,9 @@ static bool fill_pkcs7(const char *mem, off_t size, + X509_ALGOR_get0(&o, NULL, NULL, dig_alg); + + sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)]; ++ // hash algo has not been recognized ++ if (sig_info->hash_algo == NULL) ++ goto err3; + sig_info->id_type = pkey_id_type[modsig->id_type]; + + pvt = malloc(sizeof(*pvt)); +-- +cgit diff --git a/backport-libkmod-error-out-on-unknown-hash-algorithm.patch b/backport-libkmod-error-out-on-unknown-hash-algorithm.patch new file mode 100644 index 0000000..a9903b2 --- /dev/null +++ b/backport-libkmod-error-out-on-unknown-hash-algorithm.patch @@ -0,0 +1,45 @@ +From b9605c63b859adfffc0b4b9420d720aa323b90e9 Mon Sep 17 00:00:00 2001 +From: Emil Velikov +Date: Mon, 6 Feb 2023 14:32:59 +0000 +Subject: [PATCH 2/9] libkmod: error out on unknown hash algorithm + +Currently if we see unknown algorithm, we'll do an OOB read in +pkey_hash_algo. This can happen for example if OPENSSL_NO_SM3 is set and +the kernel module uses a SM3 hash. + +Cc: Mikhail Novosyolov +Cc: Lucas De Marchi +Signed-off-by: Emil Velikov +Signed-off-by: Lucas De Marchi +Signed-off-by: Hangliang Lai +--- + libkmod/libkmod-signature.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c +index 092f396..b749a81 100644 +--- a/libkmod/libkmod-signature.c ++++ b/libkmod/libkmod-signature.c +@@ -219,6 +219,7 @@ static bool fill_pkcs7(const char *mem, off_t size, + unsigned char *key_id_str; + struct pkcs7_private *pvt; + const char *issuer_str; ++ int hash_algo; + + size -= sig_len; + pkcs7_raw = mem + size; +@@ -277,7 +278,10 @@ static bool fill_pkcs7(const char *mem, off_t size, + + X509_ALGOR_get0(&o, NULL, NULL, dig_alg); + +- sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)]; ++ hash_algo = obj_to_hash_algo(o); ++ if (hash_algo < 0) ++ goto err3; ++ sig_info->hash_algo = pkey_hash_algo[hash_algo]; + // hash algo has not been recognized + if (sig_info->hash_algo == NULL) + goto err3; +-- +2.30.0 + diff --git a/kmod.spec b/kmod.spec index d1be53f..5f52f1f 100644 --- a/kmod.spec +++ b/kmod.spec @@ -1,6 +1,6 @@ Name: kmod Version: 29 -Release: 5 +Release: 6 Summary: Kernel module management # GPLv2+ is used by programs, LGPLv2+ is used for libraries. License: GPLv2+ and LGPLv2+ @@ -14,6 +14,8 @@ Patch2: 0002-Module-replace-the-module-with-new-module.patch Patch3: 0003-Module-suspend-the-module-by-rmmod-r-option.patch Patch4: 0004-don-t-check-module-s-refcnt-when-rmmod-with-r.patch Patch5: backport-libkmod-Support-SM3-hash-algorithm.patch +Patch6: backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch +Patch7: backport-libkmod-error-out-on-unknown-hash-algorithm.patch BuildRequires: gcc chrpath zlib-devel xz-devel libxslt openssl-devel @@ -121,6 +123,9 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf %doc TODO NEWS README %changelog +* Sun Mar 26 2023 Hangliang Lai - 29-6 +- fix crash and OOB on unknown hash signature algorithm. + * Fri Nov 18 2022 luhuaxin - 29-5 - add support for sm3 hash algorithm. -- Gitee