diff options
author | David Howells <dhowells@redhat.com> | 2019-02-14 16:20:15 +0000 |
---|---|---|
committer | James Morris <james.morris@microsoft.com> | 2019-02-15 14:12:08 -0800 |
commit | bb2ba2d75a2d673e76ddaf13a9bd30d6a8b1bb08 (patch) | |
tree | 9f3a8e081a191743d29454281be65d32792ec974 /security/keys/request_key.c | |
parent | a08bf91ce28ed3ae7b6fef35d843fef8dc8c2cd9 (diff) | |
download | linux-bb2ba2d75a2d673e76ddaf13a9bd30d6a8b1bb08.tar.bz2 |
assoc_array: Fix shortcut creation
Fix the creation of shortcuts for which the length of the index key value
is an exact multiple of the machine word size. The problem is that the
code that blanks off the unused bits of the shortcut value malfunctions if
the number of bits in the last word equals machine word size. This is due
to the "<<" operator being given a shift of zero in this case, and so the
mask that should be all zeros is all ones instead. This causes the
subsequent masking operation to clear everything rather than clearing
nothing.
Ordinarily, the presence of the hash at the beginning of the tree index key
makes the issue very hard to test for, but in this case, it was encountered
due to a development mistake that caused the hash output to be either 0
(keyring) or 1 (non-keyring) only. This made it susceptible to the
keyctl/unlink/valid test in the keyutils package.
The fix is simply to skip the blanking if the shift would be 0. For
example, an index key that is 64 bits long would produce a 0 shift and thus
a 'blank' of all 1s. This would then be inverted and AND'd onto the
index_key, incorrectly clearing the entire last word.
Fixes: 3cb989501c26 ("Add a generic associative array implementation.")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'security/keys/request_key.c')
0 files changed, 0 insertions, 0 deletions