summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorMauro Carvalho Chehab <mchehab@s-opensource.com>2016-07-09 00:14:03 +0300
committerMauro Carvalho Chehab <mchehab@s-opensource.com>2016-07-09 00:14:03 +0300
commitfb810cb5eda8c47e3afbb45ea6b9676841d29e8d (patch)
tree618af9a957c6744e59d0183619a2e6cbbf685233 /security
parent241d9bb3427e1d074daa864a65730412b9a47a39 (diff)
parenta99cde438de0c4c0cecc1d1af1a55a75b10bfdef (diff)
downloadlinux-fb810cb5eda8c47e3afbb45ea6b9676841d29e8d.tar.xz
Merge tag 'v4.7-rc6' into patchwork
Linux 4.7-rc6 * tag 'v4.7-rc6': (1245 commits) Linux 4.7-rc6 ovl: warn instead of error if d_type is not supported MIPS: Fix possible corruption of cache mode by mprotect. locks: use file_inode() usb: dwc3: st: Use explicit reset_control_get_exclusive() API phy: phy-stih407-usb: Use explicit reset_control_get_exclusive() API phy: miphy28lp: Inform the reset framework that our reset line may be shared namespace: update event counter when umounting a deleted dentry 9p: use file_dentry() lockd: unregister notifier blocks if the service fails to come up completely ACPI,PCI,IRQ: correct operator precedence fuse: serialize dirops by default drm/i915: Fix missing unlock on error in i915_ppgtt_info() powerpc: Initialise pci_io_base as early as possible mfd: da9053: Fix compiler warning message for uninitialised variable mfd: max77620: Fix FPS switch statements phy: phy-stih407-usb: Inform the reset framework that our reset line may be shared usb: dwc3: st: Inform the reset framework that our reset line may be shared usb: host: ehci-st: Inform the reset framework that our reset line may be shared usb: host: ohci-st: Inform the reset framework that our reset line may be shared ...
Diffstat (limited to 'security')
-rw-r--r--security/keys/compat.c2
-rw-r--r--security/keys/dh.c8
-rw-r--r--security/keys/internal.h5
-rw-r--r--security/keys/key.c2
-rw-r--r--security/keys/keyctl.c4
5 files changed, 14 insertions, 7 deletions
diff --git a/security/keys/compat.c b/security/keys/compat.c
index c8783b3b628c..36c80bf5b89c 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -134,7 +134,7 @@ COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
case KEYCTL_DH_COMPUTE:
return keyctl_dh_compute(compat_ptr(arg2), compat_ptr(arg3),
- arg4);
+ arg4, compat_ptr(arg5));
default:
return -EOPNOTSUPP;
diff --git a/security/keys/dh.c b/security/keys/dh.c
index 880505a4b9f1..531ed2ec132f 100644
--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -78,7 +78,8 @@ error:
}
long keyctl_dh_compute(struct keyctl_dh_params __user *params,
- char __user *buffer, size_t buflen)
+ char __user *buffer, size_t buflen,
+ void __user *reserved)
{
long ret;
MPI base, private, prime, result;
@@ -97,6 +98,11 @@ long keyctl_dh_compute(struct keyctl_dh_params __user *params,
goto out;
}
+ if (reserved) {
+ ret = -EINVAL;
+ goto out;
+ }
+
keylen = mpi_from_key(pcopy.prime, buflen, &prime);
if (keylen < 0 || !prime) {
/* buflen == 0 may be used to query the required buffer size,
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 8ec7a528365d..a705a7d92ad7 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -260,10 +260,11 @@ static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
#ifdef CONFIG_KEY_DH_OPERATIONS
extern long keyctl_dh_compute(struct keyctl_dh_params __user *, char __user *,
- size_t);
+ size_t, void __user *);
#else
static inline long keyctl_dh_compute(struct keyctl_dh_params __user *params,
- char __user *buffer, size_t buflen)
+ char __user *buffer, size_t buflen,
+ void __user *reserved)
{
return -EOPNOTSUPP;
}
diff --git a/security/keys/key.c b/security/keys/key.c
index bd5a272f28a6..346fbf201c22 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -597,7 +597,7 @@ int key_reject_and_link(struct key *key,
mutex_unlock(&key_construction_mutex);
- if (keyring)
+ if (keyring && link_ret == 0)
__key_link_end(keyring, &key->index_key, edit);
/* wake up anyone waiting for a key to be constructed */
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 3b135a0af344..d580ad06b792 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1688,8 +1688,8 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
case KEYCTL_DH_COMPUTE:
return keyctl_dh_compute((struct keyctl_dh_params __user *) arg2,
- (char __user *) arg3,
- (size_t) arg4);
+ (char __user *) arg3, (size_t) arg4,
+ (void __user *) arg5);
default:
return -EOPNOTSUPP;