summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2014-05-22 20:02:23 +0200
committerMimi Zohar <zohar@linux.vnet.ibm.com>2014-07-17 15:35:14 +0200
commita4e3b8d79a5c6d40f4a9703abf7fe3abcc6c3b8d (patch)
treec8b4b4458f2f213bddff67cb347f732836629e97 /security
parentima: provide double buffering for hash calculation (diff)
downloadlinux-a4e3b8d79a5c6d40f4a9703abf7fe3abcc6c3b8d.tar.xz
linux-a4e3b8d79a5c6d40f4a9703abf7fe3abcc6c3b8d.zip
KEYS: special dot prefixed keyring name bug fix
Dot prefixed keyring names are supposed to be reserved for the kernel, but add_key() calls key_get_type_from_user(), which incorrectly verifies the 'type' field, not the 'description' field. This patch verifies the 'description' field isn't dot prefixed, when creating a new keyring, and removes the dot prefix test in key_get_type_from_user(). Changelog v6: - whitespace and other cleanup Changelog v5: - Only prevent userspace from creating a dot prefixed keyring, not regular keys - Dmitry Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/keys/keyctl.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index cd5bd0cef25d..8a8c23357291 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -37,8 +37,6 @@ static int key_get_type_from_user(char *type,
return ret;
if (ret == 0 || ret >= len)
return -EINVAL;
- if (type[0] == '.')
- return -EPERM;
type[len - 1] = '\0';
return 0;
}
@@ -86,6 +84,10 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type,
if (!*description) {
kfree(description);
description = NULL;
+ } else if ((description[0] == '.') &&
+ (strncmp(type, "keyring", 7) == 0)) {
+ ret = -EPERM;
+ goto error2;
}
}