author | Josh Boyer <jwboyer@fedoraproject.org> | 2014-09-23 11:57:30 -0400 |
---|---|---|
committer | Josh Boyer <jwboyer@fedoraproject.org> | 2014-09-23 11:57:32 -0400 |
commit | 20c23beaf620e8b47f81f651ffbbd09f88701fae (patch) | |
tree | ba0a3cd3d6a9691e00a7466ab8a11a99b6aa1f12 /KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch | |
parent | 9dcf78723c744f491a2a26226fc63b5b92fd07d2 (diff) | |
Fix return code when adding keys (rhbz 1145318)
Diffstat (limited to 'KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch')
-rw-r--r-- | KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch b/KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch new file mode 100644 index 000000000..ae6bcf543 --- /dev/null +++ b/KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch @@ -0,0 +1,45 @@ +From e6291fa2e457abd3ffc00855244bdff976b4134b Mon Sep 17 00:00:00 2001 +From: David Howells <dhowells@redhat.com> +Date: Tue, 16 Sep 2014 17:29:03 +0100 +Subject: [PATCH] KEYS: Reinstate EPERM for a key type name beginning with a + '.' + +Reinstate the generation of EPERM for a key type name beginning with a '.' in +a userspace call. Types whose name begins with a '.' are internal only. + +The test was removed by: + + commit a4e3b8d79a5c6d40f4a9703abf7fe3abcc6c3b8d + Author: Mimi Zohar <zohar@linux.vnet.ibm.com> + Date: Thu May 22 14:02:23 2014 -0400 + Subject: KEYS: special dot prefixed keyring name bug fix + +I think we want to keep the restriction on type name so that userspace can't +add keys of a special internal type. + +Note that removal of the test causes several of the tests in the keyutils +testsuite to fail. + +Signed-off-by: David Howells <dhowells@redhat.com> +Acked-by: Vivek Goyal <vgoyal@redhat.com> +cc: Mimi Zohar <zohar@linux.vnet.ibm.com> +--- + security/keys/keyctl.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c +index e26f860e5f2e..eff88a5f5d40 100644 +--- a/security/keys/keyctl.c ++++ b/security/keys/keyctl.c +@@ -37,6 +37,8 @@ static int key_get_type_from_user(char *type, + return ret; + if (ret == 0 || ret >= len) + return -EINVAL; ++ if (type[0] == '.') ++ return -EPERM; + type[len - 1] = '\0'; + return 0; + } +-- +1.9.3 + |
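Review bot: In the security/keys/keyctl.c hunk, the new `type[0] == '.'` test in key_get_type_from_user() has no comment, so the reason for returning -EPERM is recorded only in the commit message. The message says this same test was already removed once by an earlier commit, so a one-line comment above it, stating that type names beginning with '.' are internal only and may not be requested from userspace, would make it less likely to be dropped again. The placement looks right: it follows the `ret == 0 || ret >= len` rejection, so an empty or over-long name still returns -EINVAL before the new test runs.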