diff options
| author | Jarkko Sakkinen <jarkko@kernel.org> | 2021-01-29 01:56:20 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-03-03 18:22:52 +0100 |
| commit | 5bbec09f881ac2e19685efa3f18b704043afcede (patch) | |
| tree | 3567d5fb4bcbf47782159de1f5ca9c65e509e80a /security | |
| parent | 7ba5ff552d4b4c81c6fff81f41954e27a6468aa1 (diff) | |
| download | linux-stable-5bbec09f881ac2e19685efa3f18b704043afcede.tar.gz linux-stable-5bbec09f881ac2e19685efa3f18b704043afcede.tar.bz2 linux-stable-5bbec09f881ac2e19685efa3f18b704043afcede.zip | |
KEYS: trusted: Fix migratable=1 failing
commit 8da7520c80468c48f981f0b81fc1be6599e3b0ad upstream.
Consider the following transcript:
$ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000 migratable=1" @u
add_key: Invalid argument
The documentation has the following description:
migratable= 0|1 indicating permission to reseal to new PCR values,
default 1 (resealing allowed)
The consequence is that "migratable=1" should succeed. Fix this by
allowing this condition to pass instead of return -EINVAL.
[*] Documentation/security/keys/trusted-encrypted.rst
Cc: stable@vger.kernel.org
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Fixes: d00a1c72f7f4 ("keys: add new trusted key-type")
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/keys/trusted.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/keys/trusted.c b/security/keys/trusted.c index 01e8544f79a5..3bd415f53e27 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -797,7 +797,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay, case Opt_migratable: if (*args[0].from == '0') pay->migratable = 0; - else + else if (*args[0].from != '1') return -EINVAL; break; case Opt_pcrlock: |