diff options
| -rw-r--r-- | security/keys/keyring.c | 7 | ||||
| -rw-r--r-- | security/keys/request_key.c | 1 | ||||
| -rw-r--r-- | security/keys/request_key_auth.c | 1 |
3 files changed, 6 insertions, 3 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 8177010174f7..238aa172f25b 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c | |||
| @@ -628,6 +628,10 @@ static bool search_nested_keyrings(struct key *keyring, | |||
| 628 | ctx->index_key.type->name, | 628 | ctx->index_key.type->name, |
| 629 | ctx->index_key.description); | 629 | ctx->index_key.description); |
| 630 | 630 | ||
| 631 | #define STATE_CHECKS (KEYRING_SEARCH_NO_STATE_CHECK | KEYRING_SEARCH_DO_STATE_CHECK) | ||
| 632 | BUG_ON((ctx->flags & STATE_CHECKS) == 0 || | ||
| 633 | (ctx->flags & STATE_CHECKS) == STATE_CHECKS); | ||
| 634 | |||
| 631 | if (ctx->index_key.description) | 635 | if (ctx->index_key.description) |
| 632 | ctx->index_key.desc_len = strlen(ctx->index_key.description); | 636 | ctx->index_key.desc_len = strlen(ctx->index_key.description); |
| 633 | 637 | ||
| @@ -637,7 +641,6 @@ static bool search_nested_keyrings(struct key *keyring, | |||
| 637 | if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_ITERATE || | 641 | if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_ITERATE || |
| 638 | keyring_compare_object(keyring, &ctx->index_key)) { | 642 | keyring_compare_object(keyring, &ctx->index_key)) { |
| 639 | ctx->skipped_ret = 2; | 643 | ctx->skipped_ret = 2; |
| 640 | ctx->flags |= KEYRING_SEARCH_DO_STATE_CHECK; | ||
| 641 | switch (ctx->iterator(keyring_key_to_ptr(keyring), ctx)) { | 644 | switch (ctx->iterator(keyring_key_to_ptr(keyring), ctx)) { |
| 642 | case 1: | 645 | case 1: |
| 643 | goto found; | 646 | goto found; |
| @@ -649,8 +652,6 @@ static bool search_nested_keyrings(struct key *keyring, | |||
| 649 | } | 652 | } |
| 650 | 653 | ||
| 651 | ctx->skipped_ret = 0; | 654 | ctx->skipped_ret = 0; |
| 652 | if (ctx->flags & KEYRING_SEARCH_NO_STATE_CHECK) | ||
| 653 | ctx->flags &= ~KEYRING_SEARCH_DO_STATE_CHECK; | ||
| 654 | 655 | ||
| 655 | /* Start processing a new keyring */ | 656 | /* Start processing a new keyring */ |
| 656 | descend_to_keyring: | 657 | descend_to_keyring: |
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index bb4337c7ae1b..0bb23f98e4ca 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
| @@ -516,6 +516,7 @@ struct key *request_key_and_link(struct key_type *type, | |||
| 516 | .match_data.cmp = key_default_cmp, | 516 | .match_data.cmp = key_default_cmp, |
| 517 | .match_data.raw_data = description, | 517 | .match_data.raw_data = description, |
| 518 | .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, | 518 | .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, |
| 519 | .flags = KEYRING_SEARCH_DO_STATE_CHECK, | ||
| 519 | }; | 520 | }; |
| 520 | struct key *key; | 521 | struct key *key; |
| 521 | key_ref_t key_ref; | 522 | key_ref_t key_ref; |
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index 6639e2cb8853..5d672f7580dd 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c | |||
| @@ -249,6 +249,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id) | |||
| 249 | .match_data.cmp = key_default_cmp, | 249 | .match_data.cmp = key_default_cmp, |
| 250 | .match_data.raw_data = description, | 250 | .match_data.raw_data = description, |
| 251 | .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, | 251 | .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, |
| 252 | .flags = KEYRING_SEARCH_DO_STATE_CHECK, | ||
| 252 | }; | 253 | }; |
| 253 | struct key *authkey; | 254 | struct key *authkey; |
| 254 | key_ref_t authkey_ref; | 255 | key_ref_t authkey_ref; |