aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/keyctl.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/keys/keyctl.c')
-rw-r--r--security/keys/keyctl.c65
1 files changed, 29 insertions, 36 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index e9c2e7c584d9..8f4dce1987c4 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -212,15 +212,15 @@ SYSCALL_DEFINE4(request_key, const char __user *, _type,
212 ret = key->serial; 212 ret = key->serial;
213 213
214 key_put(key); 214 key_put(key);
215 error5: 215error5:
216 key_type_put(ktype); 216 key_type_put(ktype);
217 error4: 217error4:
218 key_ref_put(dest_ref); 218 key_ref_put(dest_ref);
219 error3: 219error3:
220 kfree(callout_info); 220 kfree(callout_info);
221 error2: 221error2:
222 kfree(description); 222 kfree(description);
223 error: 223error:
224 return ret; 224 return ret;
225 225
226} /* end sys_request_key() */ 226} /* end sys_request_key() */
@@ -246,7 +246,7 @@ long keyctl_get_keyring_ID(key_serial_t id, int create)
246 246
247 ret = key_ref_to_ptr(key_ref)->serial; 247 ret = key_ref_to_ptr(key_ref)->serial;
248 key_ref_put(key_ref); 248 key_ref_put(key_ref);
249 error: 249error:
250 return ret; 250 return ret;
251 251
252} /* end keyctl_get_keyring_ID() */ 252} /* end keyctl_get_keyring_ID() */
@@ -275,7 +275,7 @@ long keyctl_join_session_keyring(const char __user *_name)
275 ret = join_session_keyring(name); 275 ret = join_session_keyring(name);
276 kfree(name); 276 kfree(name);
277 277
278 error: 278error:
279 return ret; 279 return ret;
280 280
281} /* end keyctl_join_session_keyring() */ 281} /* end keyctl_join_session_keyring() */
@@ -322,9 +322,9 @@ long keyctl_update_key(key_serial_t id,
322 ret = key_update(key_ref, payload, plen); 322 ret = key_update(key_ref, payload, plen);
323 323
324 key_ref_put(key_ref); 324 key_ref_put(key_ref);
325 error2: 325error2:
326 kfree(payload); 326 kfree(payload);
327 error: 327error:
328 return ret; 328 return ret;
329 329
330} /* end keyctl_update_key() */ 330} /* end keyctl_update_key() */
@@ -356,7 +356,7 @@ long keyctl_revoke_key(key_serial_t id)
356 ret = 0; 356 ret = 0;
357 357
358 key_ref_put(key_ref); 358 key_ref_put(key_ref);
359 error: 359error:
360 return ret; 360 return ret;
361 361
362} /* end keyctl_revoke_key() */ 362} /* end keyctl_revoke_key() */
@@ -381,7 +381,7 @@ long keyctl_keyring_clear(key_serial_t ringid)
381 ret = keyring_clear(key_ref_to_ptr(keyring_ref)); 381 ret = keyring_clear(key_ref_to_ptr(keyring_ref));
382 382
383 key_ref_put(keyring_ref); 383 key_ref_put(keyring_ref);
384 error: 384error:
385 return ret; 385 return ret;
386 386
387} /* end keyctl_keyring_clear() */ 387} /* end keyctl_keyring_clear() */
@@ -413,9 +413,9 @@ long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
413 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 413 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
414 414
415 key_ref_put(key_ref); 415 key_ref_put(key_ref);
416 error2: 416error2:
417 key_ref_put(keyring_ref); 417 key_ref_put(keyring_ref);
418 error: 418error:
419 return ret; 419 return ret;
420 420
421} /* end keyctl_keyring_link() */ 421} /* end keyctl_keyring_link() */
@@ -447,9 +447,9 @@ long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
447 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 447 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
448 448
449 key_ref_put(key_ref); 449 key_ref_put(key_ref);
450 error2: 450error2:
451 key_ref_put(keyring_ref); 451 key_ref_put(keyring_ref);
452 error: 452error:
453 return ret; 453 return ret;
454 454
455} /* end keyctl_keyring_unlink() */ 455} /* end keyctl_keyring_unlink() */
@@ -529,9 +529,9 @@ okay:
529 } 529 }
530 530
531 kfree(tmpbuf); 531 kfree(tmpbuf);
532 error2: 532error2:
533 key_ref_put(key_ref); 533 key_ref_put(key_ref);
534 error: 534error:
535 return ret; 535 return ret;
536 536
537} /* end keyctl_describe_key() */ 537} /* end keyctl_describe_key() */
@@ -616,17 +616,17 @@ long keyctl_keyring_search(key_serial_t ringid,
616 616
617 ret = key_ref_to_ptr(key_ref)->serial; 617 ret = key_ref_to_ptr(key_ref)->serial;
618 618
619 error6: 619error6:
620 key_ref_put(key_ref); 620 key_ref_put(key_ref);
621 error5: 621error5:
622 key_type_put(ktype); 622 key_type_put(ktype);
623 error4: 623error4:
624 key_ref_put(dest_ref); 624 key_ref_put(dest_ref);
625 error3: 625error3:
626 key_ref_put(keyring_ref); 626 key_ref_put(keyring_ref);
627 error2: 627error2:
628 kfree(description); 628 kfree(description);
629 error: 629error:
630 return ret; 630 return ret;
631 631
632} /* end keyctl_keyring_search() */ 632} /* end keyctl_keyring_search() */
@@ -673,7 +673,7 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
673 } 673 }
674 674
675 /* the key is probably readable - now try to read it */ 675 /* the key is probably readable - now try to read it */
676 can_read_key: 676can_read_key:
677 ret = key_validate(key); 677 ret = key_validate(key);
678 if (ret == 0) { 678 if (ret == 0) {
679 ret = -EOPNOTSUPP; 679 ret = -EOPNOTSUPP;
@@ -686,9 +686,9 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
686 } 686 }
687 } 687 }
688 688
689 error2: 689error2:
690 key_put(key); 690 key_put(key);
691 error: 691error:
692 return ret; 692 return ret;
693 693
694} /* end keyctl_read_key() */ 694} /* end keyctl_read_key() */
@@ -1282,26 +1282,19 @@ long keyctl_session_to_parent(void)
1282 1282
1283 /* the parent must have the same effective ownership and mustn't be 1283 /* the parent must have the same effective ownership and mustn't be
1284 * SUID/SGID */ 1284 * SUID/SGID */
1285 if (pcred-> uid != mycred->euid || 1285 if (pcred->uid != mycred->euid ||
1286 pcred->euid != mycred->euid || 1286 pcred->euid != mycred->euid ||
1287 pcred->suid != mycred->euid || 1287 pcred->suid != mycred->euid ||
1288 pcred-> gid != mycred->egid || 1288 pcred->gid != mycred->egid ||
1289 pcred->egid != mycred->egid || 1289 pcred->egid != mycred->egid ||
1290 pcred->sgid != mycred->egid) 1290 pcred->sgid != mycred->egid)
1291 goto not_permitted; 1291 goto not_permitted;
1292 1292
1293 /* the keyrings must have the same UID */ 1293 /* the keyrings must have the same UID */
1294 if (pcred ->tgcred->session_keyring->uid != mycred->euid || 1294 if (pcred->tgcred->session_keyring->uid != mycred->euid ||
1295 mycred->tgcred->session_keyring->uid != mycred->euid) 1295 mycred->tgcred->session_keyring->uid != mycred->euid)
1296 goto not_permitted; 1296 goto not_permitted;
1297 1297
1298 /* the LSM must permit the replacement of the parent's keyring with the
1299 * keyring from this process */
1300 ret = security_key_session_to_parent(mycred, pcred,
1301 key_ref_to_ptr(keyring_r));
1302 if (ret < 0)
1303 goto not_permitted;
1304
1305 /* if there's an already pending keyring replacement, then we replace 1298 /* if there's an already pending keyring replacement, then we replace
1306 * that */ 1299 * that */
1307 oldcred = parent->replacement_session_keyring; 1300 oldcred = parent->replacement_session_keyring;
generated by cgit v1.2.2 (git 2.25.0) at 2025-11-01 01:02:52 -0400