summaryrefslogtreecommitdiff
path: root/security/keys/trusted.c
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2017-11-02 03:47:03 +0300
committerJames Morris <james.l.morris@oracle.com>2017-11-02 12:58:05 +0300
commit3239b6f29bdfb4b0a2ba59df995fc9e6f4df7f1f (patch)
treeaaca6a6994664d8c704b49fd3cc7f995e75007a8 /security/keys/trusted.c
parent3a99df9a3d14cd866b5516f8cba515a3bfd554ab (diff)
downloadlinux-3239b6f29bdfb4b0a2ba59df995fc9e6f4df7f1f.tar.xz
KEYS: return full count in keyring_read() if buffer is too small
Commit e645016abc80 ("KEYS: fix writing past end of user-supplied buffer in keyring_read()") made keyring_read() stop corrupting userspace memory when the user-supplied buffer is too small. However it also made the return value in that case be the short buffer size rather than the size required, yet keyctl_read() is actually documented to return the size required. Therefore, switch it over to the documented behavior. Note that for now we continue to have it fill the short buffer, since it did that before (pre-v3.13) and dump_key_tree_aux() in keyutils arguably relies on it. Fixes: e645016abc80 ("KEYS: fix writing past end of user-supplied buffer in keyring_read()") Reported-by: Ben Hutchings <ben@decadent.org.uk> Cc: <stable@vger.kernel.org> # v3.13+ Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: James Morris <james.l.morris@oracle.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/keys/trusted.c')
0 files changed, 0 insertions, 0 deletions