lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20151218000224.29483.61861.stgit@warthog.procyon.org.uk>
Date:	Fri, 18 Dec 2015 00:02:24 +0000
From:	David Howells <dhowells@...hat.com>
To:	keyrings@...r.kernel.org
Cc:	David Woodhouse <David.Woodhouse@...el.com>,
	Arnd Bergmann <arnd@...db.de>, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org, dhowells@...hat.com,
	linux-security-module@...r.kernel.org,
	Rudolf Polzer <rpolzer@...gle.com>,
	John Stultz <john.stultz@...aro.org>
Subject: [PATCH 5/5] X.509: Handle midnight alternative notation in
 GeneralizedTime

The ASN.1 GeneralizedTime object carries an ISO8601 format date and time.
The time is permitted to show midnight as 00:00 or 24:00 (the latter being
equivalent of 00:00 of the following day).

The permitted value is checked in x509_decode_time() but the actual
handling is left to mktime64().

Without this patch, certain X.509 certificates will be rejected and could
lead to an unbootable kernel.

Reported-by: Rudolf Polzer <rpolzer@...gle.com>
Signed-off-by: David Howells <dhowells@...hat.com>
cc: David Woodhouse <David.Woodhouse@...el.com>
cc: John Stultz <john.stultz@...aro.org>
cc: Arnd Bergmann <arnd@...db.de>
cc: stable@...r.kernel.org
---

 crypto/asymmetric_keys/x509_cert_parser.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 9be2caebc57b..b9de251c419c 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -497,7 +497,7 @@ int x509_decode_time(time64_t *_t,  size_t hdrlen,
 	static const unsigned char month_lengths[] = { 31, 28, 31, 30, 31, 30,
 						       31, 31, 30, 31, 30, 31 };
 	const unsigned char *p = value;
-	unsigned year, mon, day, hour, min, sec, mon_len, max_sec;
+	unsigned year, mon, day, hour, min, sec, mon_len, max_sec, max_hour;
 
 #define dec2bin(X) ({ unsigned char x = (X) - '0'; if (x > 9) goto invalid_time; x; })
 #define DD2bin(P) ({ unsigned x = dec2bin(P[0]) * 10 + dec2bin(P[1]); P += 2; x; })
@@ -512,6 +512,7 @@ int x509_decode_time(time64_t *_t,  size_t hdrlen,
 		else
 			year += 2000;
 		max_sec = 59;
+		max_hour = 23;
 	} else if (tag == ASN1_GENTIM) {
 		/* GenTime: YYYYMMDDHHMMSSZ */
 		if (vlen != 15)
@@ -520,6 +521,7 @@ int x509_decode_time(time64_t *_t,  size_t hdrlen,
 		if (year >= 1950 && year <= 2049)
 			goto invalid_time;
 		max_sec = 60; /* ISO 8601 permits leap seconds [X.680 46.3] */
+		max_hour = 24;
 	} else {
 		goto unsupported_time;
 	}
@@ -550,11 +552,17 @@ int x509_decode_time(time64_t *_t,  size_t hdrlen,
 	}
 
 	if (day < 1 || day > mon_len ||
-	    hour > 23 ||
+	    hour > max_hour ||
 	    min > 59 ||
 	    sec > max_sec)
 		goto invalid_time;
 
+	/* GeneralizedTime, encoded as ISO 8601, also permits 24:00 today as an
+	 * alternative for 00:00 tomorrow.
+	 */
+	if (hour == 24 && (min != 0 || sec != 0))
+		goto invalid_time;
+
 	*_t = mktime64(year, mon, day, hour, min, sec);
 	return 0;
 

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ