From: David Howells Date: Fri, 11 Mar 2011 17:57:33 +0000 (+0000) Subject: KEYS: Make request_key() and co. return an error for a negative key X-Git-Tag: v3.0-rc1~309^2~1^2~14^2~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4aab1e896a0a9d57420ff2867caa5a369123d8cb;p=platform%2Fkernel%2Flinux-exynos.git KEYS: Make request_key() and co. return an error for a negative key Make request_key() and co. return an error for a negative or rejected key. If the key was simply negated, then return ENOKEY, otherwise return the error with which it was rejected. Without this patch, the following command returns a key number (with the latest keyutils): [root@andromeda ~]# keyctl request2 user debug:foo rejected @s 586569904 Trying to print the key merely gets you a permission denied error: [root@andromeda ~]# keyctl print 586569904 keyctl_read_alloc: Permission denied Doing another request_key() call does get you the error, as long as it hasn't expired yet: [root@andromeda ~]# keyctl request user debug:foo request_key: Key was rejected by service Signed-off-by: David Howells Signed-off-by: James Morris --- diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 427fddc..eca5191 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -206,8 +206,14 @@ SYSCALL_DEFINE4(request_key, const char __user *, _type, goto error5; } + /* wait for the key to finish being constructed */ + ret = wait_for_key_construction(key, 1); + if (ret < 0) + goto error6; + ret = key->serial; +error6: key_put(key); error5: key_type_put(ktype);