summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2013-11-13 16:51:06 +0000
committerDavid Howells <dhowells@redhat.com>2013-11-13 16:51:06 +0000
commit97826c821ec6724fc359d9b7840dc10af914c641 (patch)
tree0d0f64d3dde09c876fd0248df6ca6bfaec16be93 /security
parentfbf8c53f1a2ac7610ed124043600dc074992e71b (diff)
downloadlinux-97826c821ec6724fc359d9b7840dc10af914c641.tar.gz
linux-97826c821ec6724fc359d9b7840dc10af914c641.tar.bz2
linux-97826c821ec6724fc359d9b7840dc10af914c641.zip
KEYS: Fix error handling in big_key instantiation
In the big_key_instantiate() function we return 0 if kernel_write() returns us an error rather than returning an error. This can potentially lead to dentry_open() giving a BUG when called from big_key_read() with an unset tmpfile path. ------------[ cut here ]------------ kernel BUG at fs/open.c:798! ... RIP: 0010:[<ffffffff8119bbd1>] dentry_open+0xd1/0xe0 ... Call Trace: [<ffffffff812350c5>] big_key_read+0x55/0x100 [<ffffffff81231084>] keyctl_read_key+0xb4/0xe0 [<ffffffff81231e58>] SyS_keyctl+0xf8/0x1d0 [<ffffffff815bb799>] system_call_fastpath+0x16/0x1b Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/keys/big_key.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/keys/big_key.c b/security/keys/big_key.c
index 2cf5e62d67af..7f44c3207a9b 100644
--- a/security/keys/big_key.c
+++ b/security/keys/big_key.c
@@ -78,6 +78,7 @@ int big_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
written = kernel_write(file, prep->data, prep->datalen, 0);
if (written != datalen) {
+ ret = written;
if (written >= 0)
ret = -ENOMEM;
goto err_fput;