smb: client: reject userspace cifs.spnego descriptions (3da1fdf4) · Commits · git / linux-nf

fs/smb/client/cifs_spnego.c

+16 −0

Original line number	Diff line number	Diff line
		@@ -8,6 +8,7 @@
		*/

		#include <linux/list.h>
		#include <linux/cred.h>
		#include <linux/slab.h>
		#include <linux/string.h>
		#include <keys/user-type.h>
		@@ -40,12 +41,27 @@ cifs_spnego_key_destroy(struct key *key)
		kfree(key->payload.data[0]);
		}

		static int
		cifs_spnego_key_vet_description(const char *description)
		{
		/*
		* cifs.spnego descriptions are authority-bearing inputs to cifs.upcall.
		* They are only valid when produced by CIFS while using the private
		* spnego_cred installed below. Do not let userspace create this type
		* of key through request_key(2)/add_key(2), since the helper treats
		* pid/uid/creduid/upcall_target as kernel-originating fields.
		*/
		if (current_cred() != spnego_cred)
		return -EPERM;
		return 0;
		}

		/*
		* keytype for CIFS spnego keys
		*/
		struct key_type cifs_spnego_key_type = {
		.name = "cifs.spnego",
		.vet_description = cifs_spnego_key_vet_description,
		.instantiate = cifs_spnego_key_instantiate,
		.destroy = cifs_spnego_key_destroy,
		.describe = user_describe,