diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-14 16:39:34 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-14 16:39:34 -0400 |
| commit | d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d (patch) | |
| tree | f414482d768b015a609924293b779b4ad0b8f764 /security/keys/keyctl.c | |
| parent | b6eea87fc6850d3531a64a27d2323a4498cd4e43 (diff) | |
| parent | dbadc17683e6c673a69b236c0f041b931cc55c42 (diff) | |
Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
Pull module signing support from Rusty Russell:
"module signing is the highlight, but it's an all-over David Howells frenzy..."
Hmm "Magrathea: Glacier signing key". Somebody has been reading too much HHGTTG.
* 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits)
X.509: Fix indefinite length element skip error handling
X.509: Convert some printk calls to pr_devel
asymmetric keys: fix printk format warning
MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking
MODSIGN: Make mrproper should remove generated files.
MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs
MODSIGN: Use the same digest for the autogen key sig as for the module sig
MODSIGN: Sign modules during the build process
MODSIGN: Provide a script for generating a key ID from an X.509 cert
MODSIGN: Implement module signature checking
MODSIGN: Provide module signing public keys to the kernel
MODSIGN: Automatically generate module signing keys if missing
MODSIGN: Provide Kconfig options
MODSIGN: Provide gitignore and make clean rules for extra files
MODSIGN: Add FIPS policy
module: signature checking hook
X.509: Add a crypto key parser for binary (DER) X.509 certificates
MPILIB: Provide a function to read raw data into an MPI
X.509: Add an ASN.1 decoder
X.509: Add simple ASN.1 grammar compiler
...
Diffstat (limited to 'security/keys/keyctl.c')
| -rw-r--r-- | security/keys/keyctl.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 305ecb76519..5d34b4e827d 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c | |||
| @@ -46,6 +46,9 @@ static int key_get_type_from_user(char *type, | |||
| 46 | * Extract the description of a new key from userspace and either add it as a | 46 | * Extract the description of a new key from userspace and either add it as a |
| 47 | * new key to the specified keyring or update a matching key in that keyring. | 47 | * new key to the specified keyring or update a matching key in that keyring. |
| 48 | * | 48 | * |
| 49 | * If the description is NULL or an empty string, the key type is asked to | ||
| 50 | * generate one from the payload. | ||
| 51 | * | ||
| 49 | * The keyring must be writable so that we can attach the key to it. | 52 | * The keyring must be writable so that we can attach the key to it. |
| 50 | * | 53 | * |
| 51 | * If successful, the new key's serial number is returned, otherwise an error | 54 | * If successful, the new key's serial number is returned, otherwise an error |
| @@ -72,10 +75,17 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, | |||
| 72 | if (ret < 0) | 75 | if (ret < 0) |
| 73 | goto error; | 76 | goto error; |
| 74 | 77 | ||
| 75 | description = strndup_user(_description, PAGE_SIZE); | 78 | description = NULL; |
| 76 | if (IS_ERR(description)) { | 79 | if (_description) { |
| 77 | ret = PTR_ERR(description); | 80 | description = strndup_user(_description, PAGE_SIZE); |
| 78 | goto error; | 81 | if (IS_ERR(description)) { |
| 82 | ret = PTR_ERR(description); | ||
| 83 | goto error; | ||
| 84 | } | ||
| 85 | if (!*description) { | ||
| 86 | kfree(description); | ||
| 87 | description = NULL; | ||
| 88 | } | ||
| 79 | } | 89 | } |
| 80 | 90 | ||
| 81 | /* pull the payload in if one was supplied */ | 91 | /* pull the payload in if one was supplied */ |