On Thu, 28 Sep 2017, Eric Biggers wrote: > From: Eric Biggers <[email protected]> > > When an fscrypt-encrypted file is opened, we request the file's master > key from the keyrings service as a logon key, then access its payload. > However, a revoked key has a NULL payload, and we failed to check for > this. request_key() *does* skip revoked keys, but there is still a > window where the key can be revoked before we acquire its semaphore. > > Fix it by checking for a NULL payload, treating it like a key which was > already revoked at the time it was requested. > > Fixes: 88bd6ccdcdd6 ("ext4 crypto: add encryption key management facilities") > Cc: <[email protected]> [v4.1+] > Signed-off-by: Eric Biggers <[email protected]>
Reviewed-by: James Morris <[email protected]> -- James Morris <[email protected]> -- Linux-cachefs mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-cachefs
