[PATCH 2/3] ecryptfs: checking return code of ecryptfs_find_auth_tok_for

linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 2/3] ecryptfs: checking return code of ecryptfs_find_auth_tok_for_sig()
@ 2010-10-06 16:31 Roberto Sassu
  2010-10-08 19:10 ` Tyler Hicks
  0 siblings, 1 reply; 2+ messages in thread
From: Roberto Sassu @ 2010-10-06 16:31 UTC (permalink / raw)
  To: tyhicks, kirkland, jmorris, akpm, linux-fsdevel, linux-kernel,
	linux-security-module

[-- Attachment #1: Type: Text/Plain, Size: 1012 bytes --]

This patch replaces the check of the 'matching_auth_tok' pointer with
the exit status of ecryptfs_find_auth_tok_for_sig().
This avoids to use authentication tokens obtained through the function 
ecryptfs_keyring_auth_tok_for_sig which are not valid.


Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
---
 fs/ecryptfs/keystore.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 77580db..643d011 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1819,11 +1819,11 @@ find_next_matching_auth_tok:
 			rc = -EINVAL;
 			goto out_wipe_list;
 		}
-		ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
+		rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
 					       &matching_auth_tok,
 					       crypt_stat->mount_crypt_stat,
 					       candidate_auth_tok_sig);
-		if (matching_auth_tok) {
+		if (!rc) {
 			found_auth_tok = 1;
 			goto found_matching_auth_tok;
 		}
-- 
1.7.2.3

[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 4707 bytes --]

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH 2/3] ecryptfs: checking return code of ecryptfs_find_auth_tok_for_sig()
  2010-10-06 16:31 [PATCH 2/3] ecryptfs: checking return code of ecryptfs_find_auth_tok_for_sig() Roberto Sassu
@ 2010-10-08 19:10 ` Tyler Hicks
  0 siblings, 0 replies; 2+ messages in thread
From: Tyler Hicks @ 2010-10-08 19:10 UTC (permalink / raw)
  To: Roberto Sassu
  Cc: kirkland, jmorris, akpm, linux-fsdevel, linux-kernel,
	linux-security-module

On Wed Oct 06, 2010 at 06:31:15PM +0200, Roberto Sassu <roberto.sassu@polito.it> wrote:
> This patch replaces the check of the 'matching_auth_tok' pointer with
> the exit status of ecryptfs_find_auth_tok_for_sig().
> This avoids to use authentication tokens obtained through the function 
> ecryptfs_keyring_auth_tok_for_sig which are not valid.
> 
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
> ---

Nice catch - applied to
git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6.git#next

Thanks!

>  fs/ecryptfs/keystore.c |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
> index 77580db..643d011 100644
> --- a/fs/ecryptfs/keystore.c
> +++ b/fs/ecryptfs/keystore.c
> @@ -1819,11 +1819,11 @@ find_next_matching_auth_tok:
>  			rc = -EINVAL;
>  			goto out_wipe_list;
>  		}
> -		ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
> +		rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key,
>  					       &matching_auth_tok,
>  					       crypt_stat->mount_crypt_stat,
>  					       candidate_auth_tok_sig);
> -		if (matching_auth_tok) {
> +		if (!rc) {
>  			found_auth_tok = 1;
>  			goto found_matching_auth_tok;
>  		}
> -- 
> 1.7.2.3

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2010-10-08 19:10 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-10-06 16:31 [PATCH 2/3] ecryptfs: checking return code of ecryptfs_find_auth_tok_for_sig() Roberto Sassu
2010-10-08 19:10 ` Tyler Hicks

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).