diff options
Diffstat (limited to 'security/keys/keyctl.c')
| -rw-r--r-- | security/keys/keyctl.c | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 6261745e4459..b2b0998d6abd 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c | |||
| @@ -505,13 +505,11 @@ okay: | |||
| 505 | 505 | ||
| 506 | ret = snprintf(tmpbuf, PAGE_SIZE - 1, | 506 | ret = snprintf(tmpbuf, PAGE_SIZE - 1, |
| 507 | "%s;%d;%d;%08x;%s", | 507 | "%s;%d;%d;%08x;%s", |
| 508 | key_ref_to_ptr(key_ref)->type->name, | 508 | key->type->name, |
| 509 | key_ref_to_ptr(key_ref)->uid, | 509 | key->uid, |
| 510 | key_ref_to_ptr(key_ref)->gid, | 510 | key->gid, |
| 511 | key_ref_to_ptr(key_ref)->perm, | 511 | key->perm, |
| 512 | key_ref_to_ptr(key_ref)->description ? | 512 | key->description ?: ""); |
| 513 | key_ref_to_ptr(key_ref)->description : "" | ||
| 514 | ); | ||
| 515 | 513 | ||
| 516 | /* include a NUL char at the end of the data */ | 514 | /* include a NUL char at the end of the data */ |
| 517 | if (ret > PAGE_SIZE - 1) | 515 | if (ret > PAGE_SIZE - 1) |
| @@ -1091,7 +1089,7 @@ error: | |||
| 1091 | long keyctl_set_timeout(key_serial_t id, unsigned timeout) | 1089 | long keyctl_set_timeout(key_serial_t id, unsigned timeout) |
| 1092 | { | 1090 | { |
| 1093 | struct timespec now; | 1091 | struct timespec now; |
| 1094 | struct key *key; | 1092 | struct key *key, *instkey; |
| 1095 | key_ref_t key_ref; | 1093 | key_ref_t key_ref; |
| 1096 | time_t expiry; | 1094 | time_t expiry; |
| 1097 | long ret; | 1095 | long ret; |
| @@ -1099,10 +1097,25 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout) | |||
| 1099 | key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, | 1097 | key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, |
| 1100 | KEY_SETATTR); | 1098 | KEY_SETATTR); |
| 1101 | if (IS_ERR(key_ref)) { | 1099 | if (IS_ERR(key_ref)) { |
| 1100 | /* setting the timeout on a key under construction is permitted | ||
| 1101 | * if we have the authorisation token handy */ | ||
| 1102 | if (PTR_ERR(key_ref) == -EACCES) { | ||
| 1103 | instkey = key_get_instantiation_authkey(id); | ||
| 1104 | if (!IS_ERR(instkey)) { | ||
| 1105 | key_put(instkey); | ||
| 1106 | key_ref = lookup_user_key(id, | ||
| 1107 | KEY_LOOKUP_PARTIAL, | ||
| 1108 | 0); | ||
| 1109 | if (!IS_ERR(key_ref)) | ||
| 1110 | goto okay; | ||
| 1111 | } | ||
| 1112 | } | ||
| 1113 | |||
| 1102 | ret = PTR_ERR(key_ref); | 1114 | ret = PTR_ERR(key_ref); |
| 1103 | goto error; | 1115 | goto error; |
| 1104 | } | 1116 | } |
| 1105 | 1117 | ||
| 1118 | okay: | ||
| 1106 | key = key_ref_to_ptr(key_ref); | 1119 | key = key_ref_to_ptr(key_ref); |
| 1107 | 1120 | ||
| 1108 | /* make the changes with the locks held to prevent races */ | 1121 | /* make the changes with the locks held to prevent races */ |