Commit d2ae4e91 authored by David Howells's avatar David Howells

rxrpc: Don't leak the service-side session key to userspace

Don't let someone reading a service-side rxrpc-type key get access to the
session key that was exchanged with the client.  The server application
will, at some point, need to be able to read the information in the ticket,
but this probably shouldn't include the key material.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
parent 12da59fc
...@@ -36,6 +36,7 @@ struct rxkad_key { ...@@ -36,6 +36,7 @@ struct rxkad_key {
*/ */
struct rxrpc_key_token { struct rxrpc_key_token {
u16 security_index; /* RxRPC header security index */ u16 security_index; /* RxRPC header security index */
bool no_leak_key; /* Don't copy the key to userspace */
struct rxrpc_key_token *next; /* the next token in the list */ struct rxrpc_key_token *next; /* the next token in the list */
union { union {
struct rxkad_key *kad; struct rxkad_key *kad;
......
...@@ -579,6 +579,7 @@ static long rxrpc_read(const struct key *key, ...@@ -579,6 +579,7 @@ static long rxrpc_read(const struct key *key,
case RXRPC_SECURITY_RXKAD: case RXRPC_SECURITY_RXKAD:
toksize += 8 * 4; /* viceid, kvno, key*2, begin, toksize += 8 * 4; /* viceid, kvno, key*2, begin,
* end, primary, tktlen */ * end, primary, tktlen */
if (!token->no_leak_key)
toksize += RND(token->kad->ticket_len); toksize += RND(token->kad->ticket_len);
break; break;
...@@ -654,6 +655,9 @@ static long rxrpc_read(const struct key *key, ...@@ -654,6 +655,9 @@ static long rxrpc_read(const struct key *key,
ENCODE(token->kad->start); ENCODE(token->kad->start);
ENCODE(token->kad->expiry); ENCODE(token->kad->expiry);
ENCODE(token->kad->primary_flag); ENCODE(token->kad->primary_flag);
if (token->no_leak_key)
ENCODE(0);
else
ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); ENCODE_DATA(token->kad->ticket_len, token->kad->ticket);
break; break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment