Commit f67dabbd authored Mar 06, 2012 by Dan Carpenter Committed by James Morris Mar 07, 2012

KEYS: testing wrong bit for KEY_FLAG_REVOKED



The test for "if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) {"
should actually testing that the (1 << KEY_FLAG_REVOKED) bit is set.
The current code actually checks for KEY_FLAG_DEAD.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>

parent df91e494

security/keys/process_keys.c

+2 −1

Original line number	Original line	Diff line number	Diff line
	@@ -657,7 +657,8 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
	goto error;		goto error;

	down_read(&cred->request_key_auth->sem);		down_read(&cred->request_key_auth->sem);
	if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) {		if (test_bit(KEY_FLAG_REVOKED,
			&cred->request_key_auth->flags)) {
	key_ref = ERR_PTR(-EKEYREVOKED);		key_ref = ERR_PTR(-EKEYREVOKED);
	key = NULL;		key = NULL;
	} else {		} else {