summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2008-09-24 11:32:59 -0400
committerSteve French <sfrench@us.ibm.com>2008-09-24 20:59:37 +0000
commitdfd15c46a6c2cafb006183c0c14f07e59eee4ac0 (patch)
treebfd9c0f4be99841c2638bfe6985676bb789b0610
parentd9414774dc0c7b395036deeca000af42e2d13612 (diff)
downloadkernel-crypto-dfd15c46a6c2cafb006183c0c14f07e59eee4ac0.tar.gz
kernel-crypto-dfd15c46a6c2cafb006183c0c14f07e59eee4ac0.tar.xz
kernel-crypto-dfd15c46a6c2cafb006183c0c14f07e59eee4ac0.zip
cifs: explicitly revoke SPNEGO key after session setup
cifs: explicitly revoke SPNEGO key after session setup The SPNEGO blob returned by an upcall can only be used once. Explicitly revoke it to make sure that we never pick it up again after session setup exits. This doesn't seem to be that big an issue on more recent kernels, but older kernels seem to link keys into the session keyring by default. That said, explicitly revoking the key seems like a reasonable thing to do here. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/sess.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 252fdc0567f..2851d5da0c8 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -624,8 +624,10 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time,
ses, nls_cp);
ssetup_exit:
- if (spnego_key)
+ if (spnego_key) {
+ key_revoke(spnego_key);
key_put(spnego_key);
+ }
kfree(str_area);
if (resp_buf_type == CIFS_SMALL_BUFFER) {
cFYI(1, ("ssetup freeing small buf %p", iov[0].iov_base));