[Bug 1862187] Re: [UBUNTU 20.04] zkey: Fix display of XTS attribute for validate command
Dimitri John Ledkov
launchpad at surgut.co.uk
Thu Mar 5 12:39:37 UTC 2020
** Changed in: s390-tools (Ubuntu)
Status: New => Incomplete
** Changed in: s390-tools (Ubuntu)
Status: Incomplete => Fix Released
** Changed in: ubuntu-z-systems
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1862187
Title:
[UBUNTU 20.04] zkey: Fix display of XTS attribute for validate command
Status in Ubuntu on IBM z Systems:
Fix Released
Status in s390-tools package in Ubuntu:
Fix Released
Bug description:
Description: zkey: Fix display of XTS attribute for validate command
Symptom: The 'zkey validate' command shows an invalid value for
the XTS attribute.
Problem: Due to a use after free of the secure key, the XTS attribute
is not determined correctly, and is displayed incorrectly.
Function is_xts_key() is called with a secure key that has
already been freed and thus most likely returns false.
This bug has been introduced with feature SEC1717 "Cipher
key support" with commit 298fab68fee8 "zkey: Preparations for
introducing a new key type"
Solution: Free the secure key only after the last use.
Reproduction: Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER
and then run 'zkey validate'.
Upstream Commit ID: f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23
https://github.com/ibm-s390-tools/s390-tools/commit/f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23
Need to be applied on top of 2.12.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1862187/+subscriptions
More information about the foundations-bugs
mailing list