From: Jarkko Sakkinen jarkko@kernel.org
stable inclusion from stable-v4.19.178 commit 643a663251e07ea55178fd9bfede9a7a4199cc24 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I664K9 CVE: NA
--------------------------------
commit 8da7520c80468c48f981f0b81fc1be6599e3b0ad upstream.
Consider the following transcript:
$ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000 migratable=1" @u add_key: Invalid argument
The documentation has the following description:
migratable= 0|1 indicating permission to reseal to new PCR values, default 1 (resealing allowed)
The consequence is that "migratable=1" should succeed. Fix this by allowing this condition to pass instead of return -EINVAL.
[*] Documentation/security/keys/trusted-encrypted.rst
Cc: stable@vger.kernel.org Cc: "James E.J. Bottomley" jejb@linux.ibm.com Cc: Mimi Zohar zohar@linux.ibm.com Cc: David Howells dhowells@redhat.com Fixes: d00a1c72f7f4 ("keys: add new trusted key-type") Signed-off-by: Jarkko Sakkinen jarkko@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: GUO Zihua guozihua@huawei.com Reviewed-by: Wang Weiyang wangweiyang2@huawei.com Signed-off-by: Yongqiang Liu liuyongqiang13@huawei.com --- security/keys/trusted.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c index 75d50e982f6f..86f5036294b6 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -796,7 +796,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay, case Opt_migratable: if (*args[0].from == '0') pay->migratable = 0; - else + else if (*args[0].from != '1') return -EINVAL; break; case Opt_pcrlock: