diff options
author | David Howells <dhowells@redhat.com> | 2013-11-13 11:51:06 -0500 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2013-11-13 11:51:06 -0500 |
commit | 97826c821ec6724fc359d9b7840dc10af914c641 (patch) | |
tree | 0d0f64d3dde09c876fd0248df6ca6bfaec16be93 /security/keys | |
parent | fbf8c53f1a2ac7610ed124043600dc074992e71b (diff) |
KEYS: Fix error handling in big_key instantiation
In the big_key_instantiate() function we return 0 if kernel_write() returns us
an error rather than returning an error. This can potentially lead to
dentry_open() giving a BUG when called from big_key_read() with an unset
tmpfile path.
------------[ cut here ]------------
kernel BUG at fs/open.c:798!
...
RIP: 0010:[<ffffffff8119bbd1>] dentry_open+0xd1/0xe0
...
Call Trace:
[<ffffffff812350c5>] big_key_read+0x55/0x100
[<ffffffff81231084>] keyctl_read_key+0xb4/0xe0
[<ffffffff81231e58>] SyS_keyctl+0xf8/0x1d0
[<ffffffff815bb799>] system_call_fastpath+0x16/0x1b
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Diffstat (limited to 'security/keys')
-rw-r--r-- | security/keys/big_key.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/keys/big_key.c b/security/keys/big_key.c index 2cf5e62d67af..7f44c3207a9b 100644 --- a/security/keys/big_key.c +++ b/security/keys/big_key.c | |||
@@ -78,6 +78,7 @@ int big_key_instantiate(struct key *key, struct key_preparsed_payload *prep) | |||
78 | 78 | ||
79 | written = kernel_write(file, prep->data, prep->datalen, 0); | 79 | written = kernel_write(file, prep->data, prep->datalen, 0); |
80 | if (written != datalen) { | 80 | if (written != datalen) { |
81 | ret = written; | ||
81 | if (written >= 0) | 82 | if (written >= 0) |
82 | ret = -ENOMEM; | 83 | ret = -ENOMEM; |
83 | goto err_fput; | 84 | goto err_fput; |