diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-12-03 10:56:12 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-12-03 10:56:12 -0800 |
commit | 23c836ce5c1e1e0bb942f58a3cbc2f7fc05a08b5 (patch) | |
tree | 818d1be11860a8fb43dee99a00de68817d0d11db /security/keys/request_key_auth.c | |
parent | 1dd909affbc45412270fd196d1181404d2e416b1 (diff) | |
parent | 188324808572faf096a5fd8c1986874bc904dafe (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull keyring/nfs fixes from James Morris:
"From David Howells:
The first one fixes the handling of maximum buffer size for key
descriptions, fixing the size at 4095 + NUL char rather than whatever
PAGE_SIZE happens to be and permits you to read back the full
description without it getting clipped because some extra information
got prepended.
The second and third fix a bug in NFS idmapper handling whereby a key
representing a mapping between an id and a name expires and causing
EKEYEXPIRED to be seen internally in NFS (which prevents the mapping
from happening) rather than re-looking up the mapping"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED
KEYS: Simplify KEYRING_SEARCH_{NO,DO}_STATE_CHECK flags
KEYS: Fix the size of the key description passed to/from userspace
Diffstat (limited to 'security/keys/request_key_auth.c')
-rw-r--r-- | security/keys/request_key_auth.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index 6639e2cb8853..5d672f7580dd 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c @@ -249,6 +249,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id) .match_data.cmp = key_default_cmp, .match_data.raw_data = description, .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, + .flags = KEYRING_SEARCH_DO_STATE_CHECK, }; struct key *authkey; key_ref_t authkey_ref; |