KEYS: Don't permit request_key() to construct a new keyring
If request_key() is used to find a keyring, only do the search part - don't do the construction part if the keyring was not found by the search. We don't really want keyrings in the negative instantiated state since the rejected/negative instantiation error value in the payload is unioned with keyring metadata. Now the kernel gives an error: request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted) Signed-off-by: David Howells <dhowells@redhat.com> CVE-2015-7872 Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org> Change-Id: I3603fec8fab929d7636d7223901f16dc8d8026cc
This commit is contained in:
parent
2b694b422f
commit
d587946ff0
|
@ -481,6 +481,9 @@ static struct key *construct_key_and_link(struct key_type *type,
|
|||
|
||||
kenter("");
|
||||
|
||||
if (type == &key_type_keyring)
|
||||
return ERR_PTR(-EPERM);
|
||||
|
||||
ret = construct_get_dest_keyring(&dest_keyring);
|
||||
if (ret)
|
||||
goto error;
|
||||
|
|
Loading…
Reference in New Issue