aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/keys/encrypted.c2
-rw-r--r--security/keys/trusted.c5
-rw-r--r--security/keys/user_defined.c5
3 files changed, 10 insertions, 2 deletions
diff --git a/security/keys/encrypted.c b/security/keys/encrypted.c
index b1cba5bf0a5..e14c4beb821 100644
--- a/security/keys/encrypted.c
+++ b/security/keys/encrypted.c
@@ -708,6 +708,8 @@ static int encrypted_update(struct key *key, const void *data, size_t datalen)
char *new_master_desc = NULL;
int ret = 0;
+ if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
+ return -ENOKEY;
if (datalen <= 0 || datalen > 32767 || !data)
return -EINVAL;
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 0c33e2ea1f3..7611f703be5 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -1002,12 +1002,15 @@ static void trusted_rcu_free(struct rcu_head *rcu)
*/
static int trusted_update(struct key *key, const void *data, size_t datalen)
{
- struct trusted_key_payload *p = key->payload.data;
+ struct trusted_key_payload *p;
struct trusted_key_payload *new_p;
struct trusted_key_options *new_o;
char *datablob;
int ret = 0;
+ if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
+ return -ENOKEY;
+ p = key->payload.data;
if (!p->migratable)
return -EPERM;
if (datalen <= 0 || datalen > 32767 || !data)
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 69ff52c08e9..49ec88167a4 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -97,7 +97,10 @@ int user_update(struct key *key, const void *data, size_t datalen)
if (ret == 0) {
/* attach the new data, displacing the old */
- zap = key->payload.data;
+ if (!test_bit(KEY_FLAG_NEGATIVE, &key->flags))
+ zap = key->payload.data;
+ else
+ zap = NULL;
rcu_assign_pointer(key->payload.data, upayload);
key->expiry = 0;
}