aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Howells2011-03-11 11:57:33 -0600
committerJames Morris2011-03-16 19:59:49 -0500
commit4aab1e896a0a9d57420ff2867caa5a369123d8cb (patch)
tree92212870353a9493c10fb46a0dd9b6ce27230012
parent78b7280cce23293f7570ad52c1ffe1485c6d9669 (diff)
downloadam43-linux-kernel-4aab1e896a0a9d57420ff2867caa5a369123d8cb.tar.gz
am43-linux-kernel-4aab1e896a0a9d57420ff2867caa5a369123d8cb.tar.xz
am43-linux-kernel-4aab1e896a0a9d57420ff2867caa5a369123d8cb.zip
KEYS: Make request_key() and co. return an error for a negative key
Make request_key() and co. return an error for a negative or rejected key. If the key was simply negated, then return ENOKEY, otherwise return the error with which it was rejected. Without this patch, the following command returns a key number (with the latest keyutils): [root@andromeda ~]# keyctl request2 user debug:foo rejected @s 586569904 Trying to print the key merely gets you a permission denied error: [root@andromeda ~]# keyctl print 586569904 keyctl_read_alloc: Permission denied Doing another request_key() call does get you the error, as long as it hasn't expired yet: [root@andromeda ~]# keyctl request user debug:foo request_key: Key was rejected by service Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/keys/keyctl.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 427fddcaeb1..eca51918c95 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -206,8 +206,14 @@ SYSCALL_DEFINE4(request_key, const char __user *, _type,
206 goto error5; 206 goto error5;
207 } 207 }
208 208
209 /* wait for the key to finish being constructed */
210 ret = wait_for_key_construction(key, 1);
211 if (ret < 0)
212 goto error6;
213
209 ret = key->serial; 214 ret = key->serial;
210 215
216error6:
211 key_put(key); 217 key_put(key);
212error5: 218error5:
213 key_type_put(ktype); 219 key_type_put(ktype);