Diffstat (limited to 'security')
-rw-r--r-- | security/keys/encrypted.c | 2 | ||||
-rw-r--r-- | security/keys/trusted.c | 5 | ||||
-rw-r--r-- | security/keys/user_defined.c | 5 |
3 files changed, 10 insertions, 2 deletions
diff --git a/security/keys/encrypted.c b/security/keys/encrypted.c
index b1cba5bf0a5..e14c4beb821 100644
--- a/security/keys/encrypted.c
+++ b/security/keys/encrypted.c
@@ -708,6 +708,8 @@ static int encrypted_update(struct key *key, const void *data, size_t datalen)
 char *new_master_desc = NULL;
 int ret = 0;
+ if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
+ return -ENOKEY;
 if (datalen <= 0 || datalen > 32767 || !data)
 return -EINVAL;
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 0c33e2ea1f3..7611f703be5 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -1002,12 +1002,15 @@ static void trusted_rcu_free(struct rcu_head *rcu)
 */
 static int trusted_update(struct key *key, const void *data, size_t datalen)
 {
- struct trusted_key_payload *p = key->payload.data;
+ struct trusted_key_payload *p;
 struct trusted_key_payload *new_p;
 struct trusted_key_options *new_o;
 char *datablob;
 int ret = 0;
+ if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
+ return -ENOKEY;
+ p = key->payload.data;
 if (!p->migratable)
 return -EPERM;
 if (datalen <= 0 || datalen > 32767 || !data)
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 69ff52c08e9..49ec88167a4 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -97,7 +97,10 @@ int user_update(struct key *key, const void *data, size_t datalen)
 if (ret == 0) {
 /* attach the new data, displacing the old */
- zap = key->payload.data;
+ if (!test_bit(KEY_FLAG_NEGATIVE, &key->flags))
+ zap = key->payload.data;
+ else
+ zap = NULL;
 rcu_assign_pointer(key->payload.data, upayload);
 key->expiry = 0;
 }
|
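Review bot: The new `test_bit(KEY_FLAG_NEGATIVE, &key->flags)` guard at the top of encrypted_update(), and the identical one added to trusted_update() in security/keys/trusted.c, is a point-in-time test, so it only protects the later payload use if the key cannot change state in between. The locking is not visible in either hunk; confirm that ->update runs with the key's semaphore held for writing and that the paths which set or clear the negative flag take the same lock. The guard also carries no explanation, and a comment such as `/* a negative key has no valid payload to update */` above it would tell the next reader why -ENOKEY is returned before the arguments are validated. Both function bodies continue outside their hunks.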
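Review bot: In user_update() (security/keys/user_defined.c) `zap` can now be NULL once the `if (ret == 0)` block finishes, and the code that releases `zap` lies after the end of the hunk, so that release needs a guard unless it is known to accept NULL. If it is an RCU-deferred free that takes the address of a member of `*zap`, a NULL there would move the fault rather than remove it; wrapping the release in `if (zap)` would close that. user_update() also differs from encrypted_update() and trusted_update() in that it accepts the update of a negative key instead of returning -ENOKEY, and a comment on the else branch such as `/* negative key: no old payload to free */` would record that this is deliberate.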