backport patches to fix crash and OOB on unknown hash signature algorithm.

Reference： https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=d5950b0b5e66a5ec1c21b638dec3974056aaabeb https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=b9605c63b859adfffc0b4b9420d720aa323b90e9 close issue：https://gitee.com/src-openeuler/kmod/issues/I6MHYS?from=project-issue Signed-off-by: Hangliang Lai <laihangliang1@huawei.com>
2023-03-26 16:29:07 +08:00 · 2023-03-26 16:29:07 +08:00 · 2e4ca2482b
commit 2e4ca2482b
parent a3cc80fafd
3 changed files with 91 additions and 1 deletions
--- a/backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch
+++ b/backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch
@ -0,0 +1,40 @@
+From d5950b0b5e66a5ec1c21b638dec3974056aaabeb Mon Sep 17 00:00:00 2001
+From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
+Date: Sun, 25 Sep 2022 17:46:08 +0300
+Subject: libkmod: do not crash on unknown signature algorithm
+
+Conflict:NA
+Reference:https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit?id=d5950b0b5e66a5ec1c21b638dec3974056aaabeb
+
+Example kernel module:
+https://file-store.rosalinux.ru/download/7281f97e0c04c0f818ad3f936706f4a407e8dc7e
+(/lib/modules/5.15.67-generic-1rosa2021.1-x86_64/kernel/drivers/usb/host/xhci-pci.ko.zst)
+It is signed with Streebog 512.
+
+libkmod v30 crashed in libkmod-module.c:2413 in this code:
+
+n = kmod_module_info_append(list,
+	"sig_hashalgo", strlen("sig_hashalgo"),
+	sig_info.hash_algo, strlen(sig_info.hash_algo));
+
+because strlen() got null.
+---
+ libkmod/libkmod-signature.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
+index 4ae5af6..092f396 100644
+--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
+@@ -278,6 +278,9 @@ static bool fill_pkcs7(const char *mem, off_t size,
+ 	X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
+ 
+ 	sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+	// hash algo has not been recognized
+	if (sig_info->hash_algo == NULL)
+		goto err3;
+ 	sig_info->id_type = pkey_id_type[modsig->id_type];
+ 
+ 	pvt = malloc(sizeof(*pvt));
+-- 
+cgit 
--- a/backport-libkmod-error-out-on-unknown-hash-algorithm.patch
+++ b/backport-libkmod-error-out-on-unknown-hash-algorithm.patch
@ -0,0 +1,45 @@
+From b9605c63b859adfffc0b4b9420d720aa323b90e9 Mon Sep 17 00:00:00 2001
+From: Emil Velikov <emil.velikov@collabora.com>
+Date: Mon, 6 Feb 2023 14:32:59 +0000
+Subject: [PATCH 2/9] libkmod: error out on unknown hash algorithm
+
+Currently if we see unknown algorithm, we'll do an OOB read in
+pkey_hash_algo. This can happen for example if OPENSSL_NO_SM3 is set and
+the kernel module uses a SM3 hash.
+
+Cc: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
+Cc: Lucas De Marchi <lucas.demarchi@intel.com>
+Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
+Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
+Signed-off-by: Hangliang Lai <laihangliang1@huawei.com>
+---
+ libkmod/libkmod-signature.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
+index 092f396..b749a81 100644
+--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
+@@ -219,6 +219,7 @@ static bool fill_pkcs7(const char *mem, off_t size,
+ 	unsigned char *key_id_str;
+ 	struct pkcs7_private *pvt;
+ 	const char *issuer_str;
+	int hash_algo;
+ 
+ 	size -= sig_len;
+ 	pkcs7_raw = mem + size;
+@@ -277,7 +278,10 @@ static bool fill_pkcs7(const char *mem, off_t size,
+ 
+ 	X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
+ 
+-	sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+	hash_algo = obj_to_hash_algo(o);
+	if (hash_algo < 0)
+		goto err3;
+	sig_info->hash_algo = pkey_hash_algo[hash_algo];
+ 	// hash algo has not been recognized
+ 	if (sig_info->hash_algo == NULL)
+ 		goto err3;
+-- 
+2.30.0
+
--- a/kmod.spec
+++ b/kmod.spec
@ -1,6 +1,6 @@
 Name:           kmod
 Version:        29
-Release:        5
+Release:        6
 Summary:        Kernel module management
 # GPLv2+ is used by programs, LGPLv2+ is used for libraries.
 License:        GPLv2+ and LGPLv2+
@ -14,6 +14,8 @@ Patch2:		0002-Module-replace-the-module-with-new-module.patch
 Patch3:		0003-Module-suspend-the-module-by-rmmod-r-option.patch
 Patch4: 	0004-don-t-check-module-s-refcnt-when-rmmod-with-r.patch
 Patch5:		backport-libkmod-Support-SM3-hash-algorithm.patch
+Patch6:         backport-libkmod-do-not-crash-on-unknown-signature-algorithm.patch
+Patch7:         backport-libkmod-error-out-on-unknown-hash-algorithm.patch

 BuildRequires:  gcc chrpath zlib-devel xz-devel libxslt openssl-devel

@ -121,6 +123,9 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
 %doc TODO NEWS README

 %changelog
+* Sun Mar 26 2023 Hangliang Lai <laihangliang1@huawei.com> - 29-6
+- fix crash and OOB on unknown hash signature algorithm.
+
 * Fri Nov 18 2022 luhuaxin <luhuaxin1@huawei.com> - 29-5
 - add support for sm3 hash algorithm.