aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/keyctl.c
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2016-01-07 07:46:36 -0500
committerMimi Zohar <zohar@linux.vnet.ibm.com>2016-01-07 12:56:42 -0500
commit1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 (patch)
treef875b8a19d539701b31ea4ffce40eee77c701103 /security/keys/keyctl.c
parentima: ima_write_policy() limit locking (diff)
downloadlinux-dev-1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0.tar.xz
linux-dev-1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0.zip
KEYS: refcount bug fix
This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP test before setting the flag, and cleans up the if/then brackets style introduced in commit: d3600bc KEYS: prevent keys from being removed from specified keyrings Reported-by: David Howells <dhowells@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: David Howells <dhowells@redhat.com>
Diffstat (limited to '')
-rw-r--r--security/keys/keyctl.c17
1 files changed, 7 insertions, 10 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index e83ec6b9eb9d..8f9f323f372b 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id)
}
key = key_ref_to_ptr(key_ref);
+ ret = 0;
if (test_bit(KEY_FLAG_KEEP, &key->flags))
- return -EPERM;
- else {
+ ret = -EPERM;
+ else
key_revoke(key);
- ret = 0;
- }
key_ref_put(key_ref);
error:
@@ -432,12 +431,11 @@ long keyctl_invalidate_key(key_serial_t id)
invalidate:
key = key_ref_to_ptr(key_ref);
+ ret = 0;
if (test_bit(KEY_FLAG_KEEP, &key->flags))
ret = -EPERM;
- else {
+ else
key_invalidate(key);
- ret = 0;
- }
error_put:
key_ref_put(key_ref);
error:
@@ -1352,12 +1350,11 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout)
okay:
key = key_ref_to_ptr(key_ref);
+ ret = 0;
if (test_bit(KEY_FLAG_KEEP, &key->flags))
ret = -EPERM;
- else {
+ else
key_set_timeout(key, timeout);
- ret = 0;
- }
key_put(key);
error: