Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security layer fixes from James Morris: "A fix for SELinux policy processing (regression introduced by commit fa1aa143ac4a: "selinux: extended permissions for ioctls"), as well as a fix for the user-triggerable oops in the Keys code" * 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: KEYS: Fix handling of stored error in a negatively instantiated user key selinux: fix bug in conditional rules handling
author: Linus Torvalds <torvalds@linux-foundation.org> 2015-11-27 15:27:52 -0800
committer: Linus Torvalds <torvalds@linux-foundation.org> 2015-11-27 15:27:52 -0800
commit: 7e4b9359f483fe270c176cc37aaad54d5d1b6a1c (patch)
tree: 8e1606c2c90fb85ff1cae51a19b1cc2d41d0da87 /security/keys/encrypted-keys/encrypted.c
parent: c64410f3eca037f831e9db7cf880e600acc841af (diff)
parent: 6e37592900f1e75c2031ec10886f4858a260aeec (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 927db9f35ad6..696ccfa08d10 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -845,6 +845,8 @@ static int encrypted_update(struct key *key, struct key_preparsed_payload *prep)
 	size_t datalen = prep->datalen;
 	int ret = 0;
 
+	if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
+		return -ENOKEY;
 	if (datalen <= 0 || datalen > 32767 || !prep->data)
 		return -EINVAL;
author	Linus Torvalds <torvalds@linux-foundation.org>	2015-11-27 15:27:52 -0800
committer	Linus Torvalds <torvalds@linux-foundation.org>	2015-11-27 15:27:52 -0800
commit	7e4b9359f483fe270c176cc37aaad54d5d1b6a1c (patch)
tree	8e1606c2c90fb85ff1cae51a19b1cc2d41d0da87 /security/keys/encrypted-keys/encrypted.c
parent	c64410f3eca037f831e9db7cf880e600acc841af (diff)
parent	6e37592900f1e75c2031ec10886f4858a260aeec (diff)