From 1260f801b4e4ba7be200886b4a53d730de05ca19 Mon Sep 17 00:00:00 2001 From: David Howells Date: Thu, 4 Aug 2005 11:50:01 +0100 Subject: [PATCH] [PATCH] Keys: Fix key management syscall interface bugs This fixes five bugs in the key management syscall interface: (1) add_key() returns 0 rather than EINVAL if the key type is "". Checking the key type isn't "" should be left to lookup_user_key(). (2) request_key() returns ENOKEY rather than EPERM if the key type begins with a ".". lookup_user_key() can't do this because internal key types begin with a ".". (3) Key revocation always returns 0, even if it fails. (4) Key read can return EAGAIN rather than EACCES under some circumstances. A key is permitted to by read by a process if it doesn't grant read access, but it does grant search access and it is in the process's keyrings. That search returns EAGAIN if it fails, and this needs translating to EACCES. (5) request_key() never adds the new key to the destination keyring if one is supplied. The wrong macro was being used to test for an error condition: PTR_ERR() will always return true, whether or not there's an error; this should've been IS_ERR(). Signed-Off-By: David Howells Signed-Off-By: Linus Torvalds --- security/keys/keyctl.c | 11 +++++++---- security/keys/request_key.c | 2 +- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index fea262860ea..a6516a64b29 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -49,9 +49,6 @@ asmlinkage long sys_add_key(const char __user *_type, goto error; type[31] = '\0'; - if (!type[0]) - goto error; - ret = -EPERM; if (type[0] == '.') goto error; @@ -144,6 +141,10 @@ asmlinkage long sys_request_key(const char __user *_type, goto error; type[31] = '\0'; + ret = -EPERM; + if (type[0] == '.') + goto error; + /* pull the description into kernel space */ ret = -EFAULT; dlen = strnlen_user(_description, PAGE_SIZE - 1); @@ -362,7 +363,7 @@ long keyctl_revoke_key(key_serial_t id) key_put(key); error: - return 0; + return ret; } /* end keyctl_revoke_key() */ @@ -685,6 +686,8 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) goto can_read_key2; ret = PTR_ERR(skey); + if (ret == -EAGAIN) + ret = -EACCES; goto error2; } diff --git a/security/keys/request_key.c b/security/keys/request_key.c index dfcd983af1f..90c1506d007 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -405,7 +405,7 @@ struct key *request_key_and_link(struct key_type *type, key_user_put(user); /* link the new key into the appropriate keyring */ - if (!PTR_ERR(key)) + if (!IS_ERR(key)) request_key_link(key, dest_keyring); } -- 2.20.1