KEYS: refcount bug fix
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 7 Jan 2016 12:46:36 +0000 (07:46 -0500)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 7 Jan 2016 17:56:42 +0000 (12:56 -0500)
This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP
test before setting the flag, and cleans up the if/then brackets style
introduced in commit:
d3600bc KEYS: prevent keys from being removed from specified keyrings

Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
security/keys/key.c
security/keys/keyctl.c

index 09ef276c4bdcaf8e0c419df61d1cd7b07bf5253c..07a87311055c5b50916c87f2117f4c70b0321cfd 100644 (file)
@@ -430,8 +430,7 @@ static int __key_instantiate_and_link(struct key *key,
 
                        /* and link it into the destination keyring */
                        if (keyring) {
-                               if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-                                       set_bit(KEY_FLAG_KEEP, &key->flags);
+                               set_bit(KEY_FLAG_KEEP, &key->flags);
 
                                __key_link(key, _edit);
                        }
index e83ec6b9eb9dc6255dce0edc29d65c7d8a326f9c..8f9f323f372ba9d71218d049eca01742b6be1d87 100644 (file)
@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id)
        }
 
        key = key_ref_to_ptr(key_ref);
+       ret = 0;
        if (test_bit(KEY_FLAG_KEEP, &key->flags))
-               return -EPERM;
-       else {
+               ret = -EPERM;
+       else
                key_revoke(key);
-               ret = 0;
-       }
 
        key_ref_put(key_ref);
 error:
@@ -432,12 +431,11 @@ long keyctl_invalidate_key(key_serial_t id)
 
 invalidate:
        key = key_ref_to_ptr(key_ref);
+       ret = 0;
        if (test_bit(KEY_FLAG_KEEP, &key->flags))
                ret = -EPERM;
-       else {
+       else
                key_invalidate(key);
-               ret = 0;
-       }
 error_put:
        key_ref_put(key_ref);
 error:
@@ -1352,12 +1350,11 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout)
 
 okay:
        key = key_ref_to_ptr(key_ref);
+       ret = 0;
        if (test_bit(KEY_FLAG_KEEP, &key->flags))
                ret = -EPERM;
-       else {
+       else
                key_set_timeout(key, timeout);
-               ret = 0;
-       }
        key_put(key);
 
 error: