From: Matthias Gerstner
Date: Wed, 27 Aug 2025 08:18:41 +0000 (+0200)
Subject: homed: AddSigningKey: only feed data to OpenSSL _after_ Polkit auth
X-Git-Tag: v258-rc4~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1158545ef7783818009e9aedda9a6b8e9b6227c8;p=thirdparty%2Fsystemd.git

homed: AddSigningKey: only feed data to OpenSSL _after_ Polkit auth

As a hardening measure it makes sense not to process potentially crafted data in `openssl_pubkey_to_pem()` before we know that the caller is authorized to perform the action.
---
diff --git a/src/home/homed-manager-bus.c b/src/home/homed-manager-bus.c
index 920153827a1..f3526856721 100644
--- a/src/home/homed-manager-bus.c
+++ b/src/home/homed-manager-bus.c
@@ -969,6 +969,20 @@ static int method_add_signing_key(sd_bus_message *message, void *userdata, sd_bu
 if (streq(fn, "local.public"))
 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Refusing to write local public key.");
 
+ if (hashmap_contains(m->public_keys, fn))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Public key name already exists: %s", fn);
+
+ r = bus_verify_polkit_async(
+ message,
+ "org.freedesktop.home1.manage-signing-keys",
+ /* details= */ NULL,
+ &m->polkit_registry,
+ error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* Will call us back */
+
 _cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey = NULL;
 r = openssl_pubkey_from_pem(pem, /* pem_size= */ SIZE_MAX, &pkey);
 if (r == -EIO)
@@ -976,9 +990,6 @@ static int method_add_signing_key(sd_bus_message *message, void *userdata, sd_bu
 if (r < 0)
 return r;
 
- if (hashmap_contains(m->public_keys, fn))
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Public key name already exists: %s", fn);
-
 /* Make sure the local key is loaded before can detect conflicts */
 r = manager_acquire_key_pair(m);
 if (r < 0)
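Review bot: Nothing in the new code records that placing `bus_verify_polkit_async()` ahead of `openssl_pubkey_from_pem()` is a security property, so a later reordering could silently bring back parsing of caller-supplied PEM before authorization. I would add a comment above the polkit call, for example `/* Authorize before parsing: caller-supplied PEM must not reach OpenSSL until polkit has approved the request. */`. The commit message names `openssl_pubkey_to_pem()`, but the call in this hunk that first consumes the caller's data is `openssl_pubkey_from_pem()`, so the comment should name that one. The `hashmap_contains(m->public_keys, fn)` check still runs before authorization, so an unauthorized caller can tell existing key names from unused ones by the "Public key name already exists" error; if that is accepted because key names are not treated as secret, say so in the same comment, otherwise move the check below the polkit call. The body of method_add_signing_key starts and ends outside the hunk.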
@@ -987,17 +998,6 @@ static int method_add_signing_key(sd_bus_message *message, void *userdata, sd_bu
 if (manager_has_public_key(m, pkey))
 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Public key already exists: %s", fn);
 
- r = bus_verify_polkit_async(
- message,
- "org.freedesktop.home1.manage-signing-keys",
- /* details= */ NULL,
- &m->polkit_registry,
- error);
- if (r < 0)
- return r;
- if (r == 0)
- return 1; /* Will call us back */
-
 _cleanup_free_ char *pem_reformatted = NULL;
 r = openssl_pubkey_to_pem(pkey, &pem_reformatted);
 if (r < 0)