diff options
Diffstat (limited to 'security/keys')
-rw-r--r-- | security/keys/key.c | 3 | ||||
-rw-r--r-- | security/keys/keyctl.c | 4 | ||||
-rw-r--r-- | security/keys/request_key_auth.c | 6 |
3 files changed, 10 insertions, 3 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index 7276d1a009d4..33a9c64eeed3 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -296,6 +296,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, key->gid = gid; key->perm = perm; key->restrict_link = restrict_link; + key->last_used_at = ktime_get_real_seconds(); if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) key->flags |= 1 << KEY_FLAG_IN_QUOTA; @@ -381,7 +382,7 @@ int key_payload_reserve(struct key *key, size_t datalen) spin_lock(&key->user->lock); if (delta > 0 && - (key->user->qnbytes + delta >= maxbytes || + (key->user->qnbytes + delta > maxbytes || key->user->qnbytes + delta < key->user->qnbytes)) { ret = -EDQUOT; } diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 797edcf1d424..2ef853bfbb8f 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -881,8 +881,8 @@ long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group) key_quota_root_maxbytes : key_quota_maxbytes; spin_lock(&newowner->lock); - if (newowner->qnkeys + 1 >= maxkeys || - newowner->qnbytes + key->quotalen >= maxbytes || + if (newowner->qnkeys + 1 > maxkeys || + newowner->qnbytes + key->quotalen > maxbytes || newowner->qnbytes + key->quotalen < newowner->qnbytes) goto quota_overrun; diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index f60baeb338e5..b47445022d5c 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c @@ -71,6 +71,9 @@ static void request_key_auth_describe(const struct key *key, { struct request_key_auth *rka = key->payload.data[0]; + if (!rka) + return; + seq_puts(m, "key:"); seq_puts(m, key->description); if (key_is_positive(key)) @@ -88,6 +91,9 @@ static long request_key_auth_read(const struct key *key, size_t datalen; long ret; + if (!rka) + return -EKEYREVOKED; + datalen = rka->callout_len; ret = datalen; |