diff options
Diffstat (limited to 'security/keys/keyring.c')
| -rw-r--r-- | security/keys/keyring.c | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 70f0c313c888..a9ab8affc092 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* keyring.c: keyring handling | 1 | /* Keyring handling |
| 2 | * | 2 | * |
| 3 | * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. | 3 | * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. |
| 4 | * Written by David Howells (dhowells@redhat.com) | 4 | * Written by David Howells (dhowells@redhat.com) |
| 5 | * | 5 | * |
| 6 | * This program is free software; you can redistribute it and/or | 6 | * This program is free software; you can redistribute it and/or |
| @@ -79,7 +79,7 @@ static DECLARE_RWSEM(keyring_serialise_link_sem); | |||
| 79 | * publish the name of a keyring so that it can be found by name (if it has | 79 | * publish the name of a keyring so that it can be found by name (if it has |
| 80 | * one) | 80 | * one) |
| 81 | */ | 81 | */ |
| 82 | void keyring_publish_name(struct key *keyring) | 82 | static void keyring_publish_name(struct key *keyring) |
| 83 | { | 83 | { |
| 84 | int bucket; | 84 | int bucket; |
| 85 | 85 | ||
| @@ -516,10 +516,9 @@ key_ref_t __keyring_search_one(key_ref_t keyring_ref, | |||
| 516 | /* | 516 | /* |
| 517 | * find a keyring with the specified name | 517 | * find a keyring with the specified name |
| 518 | * - all named keyrings are searched | 518 | * - all named keyrings are searched |
| 519 | * - only find keyrings with search permission for the process | 519 | * - normally only finds keyrings with search permission for the current process |
| 520 | * - only find keyrings with a serial number greater than the one specified | ||
| 521 | */ | 520 | */ |
| 522 | struct key *find_keyring_by_name(const char *name, key_serial_t bound) | 521 | struct key *find_keyring_by_name(const char *name, bool skip_perm_check) |
| 523 | { | 522 | { |
| 524 | struct key *keyring; | 523 | struct key *keyring; |
| 525 | int bucket; | 524 | int bucket; |
| @@ -545,15 +544,11 @@ struct key *find_keyring_by_name(const char *name, key_serial_t bound) | |||
| 545 | if (strcmp(keyring->description, name) != 0) | 544 | if (strcmp(keyring->description, name) != 0) |
| 546 | continue; | 545 | continue; |
| 547 | 546 | ||
| 548 | if (key_permission(make_key_ref(keyring, 0), | 547 | if (!skip_perm_check && |
| 548 | key_permission(make_key_ref(keyring, 0), | ||
| 549 | KEY_SEARCH) < 0) | 549 | KEY_SEARCH) < 0) |
| 550 | continue; | 550 | continue; |
| 551 | 551 | ||
| 552 | /* found a potential candidate, but we still need to | ||
| 553 | * check the serial number */ | ||
| 554 | if (keyring->serial <= bound) | ||
| 555 | continue; | ||
| 556 | |||
| 557 | /* we've got a match */ | 552 | /* we've got a match */ |
| 558 | atomic_inc(&keyring->usage); | 553 | atomic_inc(&keyring->usage); |
| 559 | read_unlock(&keyring_name_lock); | 554 | read_unlock(&keyring_name_lock); |