linux-toradex.git - Linux kernel for Apalis and Colibri modules

diff options

author	KP Singh <kpsingh@kernel.org>	2026-05-20 04:40:59 +0200
committer	Kumar Kartikeya Dwivedi <memxor@gmail.com>	2026-05-20 05:12:05 +0200
commit	49b18315be4eecfc36b75f4aecb4d40a87d68a20 (patch)
tree	e4ef3d8bf07a51dae94329119e295fad42e142d1 /kernel/module
parent	201166d79fc01b607eccdddd4e1a7189f231904b (diff)

bpf: Reject NULL data/sig in bpf_verify_pkcs7_signature

__bpf_dynptr_data() can return NULL (FILE dynptrs, any non-contiguous backing). bpf_verify_pkcs7_signature() forwards the pointer to verify_pkcs7_signature() unchecked, causing a NULL deref in asn1_ber_decoder() reachable from a sleepable BPF LSM at lsm.s/bpf. NULL-check both pointers and reject with -EINVAL. Mirrors the guards already in kernel/bpf/crypto.c. Fixes: 865b0566d8f1 ("bpf: Add bpf_verify_pkcs7_signature() kfunc") Reported-by: Xianrui Dong <dongxianrui1@gmail.com> Signed-off-by: KP Singh <kpsingh@kernel.org> Reviewed-by: Amery Hung <ameryhung@gmail.com> Acked-by: Song Liu <song@kernel.org> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/20260520024059.313468-1-kpsingh@kernel.org Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>

Diffstat (limited to 'kernel/module')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: