diff options
author | David Howells <dhowells@redhat.com> | 2013-11-13 16:51:06 +0000 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2013-11-13 16:51:06 +0000 |
commit | 97826c821ec6724fc359d9b7840dc10af914c641 (patch) | |
tree | 0d0f64d3dde09c876fd0248df6ca6bfaec16be93 /security | |
parent | fbf8c53f1a2ac7610ed124043600dc074992e71b (diff) | |
download | linux-97826c821ec6724fc359d9b7840dc10af914c641.tar.bz2 |
KEYS: Fix error handling in big_key instantiation
In the big_key_instantiate() function we return 0 if kernel_write() returns us
an error rather than returning an error. This can potentially lead to
dentry_open() giving a BUG when called from big_key_read() with an unset
tmpfile path.
------------[ cut here ]------------
kernel BUG at fs/open.c:798!
...
RIP: 0010:[<ffffffff8119bbd1>] dentry_open+0xd1/0xe0
...
Call Trace:
[<ffffffff812350c5>] big_key_read+0x55/0x100
[<ffffffff81231084>] keyctl_read_key+0xb4/0xe0
[<ffffffff81231e58>] SyS_keyctl+0xf8/0x1d0
[<ffffffff815bb799>] system_call_fastpath+0x16/0x1b
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/keys/big_key.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/keys/big_key.c b/security/keys/big_key.c index 2cf5e62d67af..7f44c3207a9b 100644 --- a/security/keys/big_key.c +++ b/security/keys/big_key.c @@ -78,6 +78,7 @@ int big_key_instantiate(struct key *key, struct key_preparsed_payload *prep) written = kernel_write(file, prep->data, prep->datalen, 0); if (written != datalen) { + ret = written; if (written >= 0) ret = -ENOMEM; goto err_fput; |