forked from ~ljy/RK356X_SDK_RELEASE
blame | history | patch | commit | commitdiff
hc
2024-05-14 bedbef8ad3e75a304af6361af235302bcc61d06b 
 kernel/fs/verity/signature.c
....@@ -81,6 +81,22 @@
8181 		return 0;
8282 	}
8383 
84
+	if (fsverity_keyring->keys.nr_leaves_on_tree == 0) {
85
+		/*
86
+		 * The ".fs-verity" keyring is empty, due to builtin signatures
87
+		 * being supported by the kernel but not actually being used.
88
+		 * In this case, verify_pkcs7_signature() would always return an
89
+		 * error, usually ENOKEY.  It could also be EBADMSG if the
90
+		 * PKCS#7 is malformed, but that isn't very important to
91
+		 * distinguish.  So, just skip to ENOKEY to avoid the attack
92
+		 * surface of the PKCS#7 parser, which would otherwise be
93
+		 * reachable by any task able to execute FS_IOC_ENABLE_VERITY.
94
+		 */
95
+		fsverity_err(inode,
96
+			     "fs-verity keyring is empty, rejecting signed file!");
97
+		return -ENOKEY;
98
+	}
99
+
84100 	d = kzalloc(sizeof(*d) + hash_alg->digest_size, GFP_KERNEL);
85101 	if (!d)
86102 		return -ENOMEM;