Fix return code when adding keys (rhbz 1145318)

1 files changed, 45 insertions, 0 deletions

diff --git a/KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch b/KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch
new file mode 100644
index 000000000..ae6bcf543
--- /dev/null
+++ b/KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch
@@ -0,0 +1,45 @@
+From e6291fa2e457abd3ffc00855244bdff976b4134b Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Tue, 16 Sep 2014 17:29:03 +0100
+Subject: [PATCH] KEYS: Reinstate EPERM for a key type name beginning with a
+ '.'
+
+Reinstate the generation of EPERM for a key type name beginning with a '.' in
+a userspace call.  Types whose name begins with a '.' are internal only.
+
+The test was removed by:
+
+	commit a4e3b8d79a5c6d40f4a9703abf7fe3abcc6c3b8d
+	Author: Mimi Zohar <zohar@linux.vnet.ibm.com>
+	Date:   Thu May 22 14:02:23 2014 -0400
+	Subject: KEYS: special dot prefixed keyring name bug fix
+
+I think we want to keep the restriction on type name so that userspace can't
+add keys of a special internal type.
+
+Note that removal of the test causes several of the tests in the keyutils
+testsuite to fail.
+
+Signed-off-by: David Howells <dhowells@redhat.com>
+Acked-by: Vivek Goyal <vgoyal@redhat.com>
+cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
+---
+ security/keys/keyctl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
+index e26f860e5f2e..eff88a5f5d40 100644
+--- a/security/keys/keyctl.c
++++ b/security/keys/keyctl.c
+@@ -37,6 +37,8 @@ static int key_get_type_from_user(char *type,
+ 		return ret;
+ 	if (ret == 0 || ret >= len)
+ 		return -EINVAL;
++	if (type[0] == '.')
++		return -EPERM;
+ 	type[len - 1] = '\0';
+ 	return 0;
+ }
+-- 
+1.9.3
+