summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2016-01-07 07:46:36 -0500
committerMimi Zohar <zohar@linux.vnet.ibm.com>2016-01-07 12:56:42 -0500
commit1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 (patch)
treef875b8a19d539701b31ea4ffce40eee77c701103 /security
parent6427e6c71c8b374761b661c4f355762794c171a1 (diff)
downloadlinux-1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0.tar.bz2
KEYS: refcount bug fix
This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP test before setting the flag, and cleans up the if/then brackets style introduced in commit: d3600bc KEYS: prevent keys from being removed from specified keyrings Reported-by: David Howells <dhowells@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/keys/key.c3
-rw-r--r--security/keys/keyctl.c17
2 files changed, 8 insertions, 12 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index 09ef276c4bdc..07a87311055c 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -430,8 +430,7 @@ static int __key_instantiate_and_link(struct key *key,
/* and link it into the destination keyring */
if (keyring) {
- if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
- set_bit(KEY_FLAG_KEEP, &key->flags);
+ set_bit(KEY_FLAG_KEEP, &key->flags);
__key_link(key, _edit);
}
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index e83ec6b9eb9d..8f9f323f372b 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id)
}
key = key_ref_to_ptr(key_ref);
+ ret = 0;
if (test_bit(KEY_FLAG_KEEP, &key->flags))
- return -EPERM;
- else {
+ ret = -EPERM;
+ else
key_revoke(key);
- ret = 0;
- }
key_ref_put(key_ref);
error:
@@ -432,12 +431,11 @@ long keyctl_invalidate_key(key_serial_t id)
invalidate:
key = key_ref_to_ptr(key_ref);
+ ret = 0;
if (test_bit(KEY_FLAG_KEEP, &key->flags))
ret = -EPERM;
- else {
+ else
key_invalidate(key);
- ret = 0;
- }
error_put:
key_ref_put(key_ref);
error:
@@ -1352,12 +1350,11 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout)
okay:
key = key_ref_to_ptr(key_ref);
+ ret = 0;
if (test_bit(KEY_FLAG_KEEP, &key->flags))
ret = -EPERM;
- else {
+ else
key_set_timeout(key, timeout);
- ret = 0;
- }
key_put(key);
error: