This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP
test before setting the flag, and cleans up the if/then brackets style
introduced in commit:
d3600bc KEYS: prevent keys from being removed from specified keyrings
Reported-by: David Howells <dhowe...@redhat.com>
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/keys/key.c | 3 +--
security/keys/keyctl.c | 17 +++++++----------
2 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/security/keys/key.c b/security/keys/key.c
index 09ef276..07a8731 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -430,8 +430,7 @@ static int __key_instantiate_and_link(struct key *key,
/* and link it into the destination keyring */
if (keyring) {
- if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
- set_bit(KEY_FLAG_KEEP, &key->flags);
+ set_bit(KEY_FLAG_KEEP, &key->flags);
__key_link(key, _edit);
}
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index e83ec6b..8f9f323 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id)
}
key = key_ref_to_ptr(key_ref);
+ ret = 0;
if (test_bit(KEY_FLAG_KEEP, &key->flags))
- return -EPERM;
- else {
+ ret = -EPERM;
+ else
key_revoke(key);
- ret = 0;
- }
key_ref_put(key_ref);
error:
@@ -432,12 +431,11 @@ long keyctl_invalidate_key(key_serial_t id)
invalidate:
key = key_ref_to_ptr(key_ref);
+ ret = 0;
if (test_bit(KEY_FLAG_KEEP, &key->flags))
ret = -EPERM;
- else {
+ else
key_invalidate(key);
- ret = 0;
- }
error_put:
key_ref_put(key_ref);
error:
@@ -1352,12 +1350,11 @@ long keyctl_set_timeout(key_serial_t id, unsigned
timeout)
okay:
key = key_ref_to_ptr(key_ref);
+ ret = 0;
if (test_bit(KEY_FLAG_KEEP, &key->flags))
ret = -EPERM;
- else {
+ else
key_set_timeout(key, timeout);
- ret = 0;
- }
key_put(key);
error:
--
2.1.0
--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
