Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-11 06:31:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

keys: Invalidate used request_key authentication keys

Browse Source 
Invalidate used request_key authentication keys rather than revoking them
so that they get cleaned up immediately rather than potentially hanging
around.  There doesn't seem any need to keep the revoked keys around.

Signed-off-by: David Howells <dhowells@redhat.com>
This commit is contained in:
David Howells 2019-06-19 16:10:15 +01:00
parent 504b69eb3c
commit a09003b5d7
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
security/keys/key.c
View File

@ -459,7 +459,7 @@ static int __key_instantiate_and_link(struct key *key,
/* disable the authorisation key */
if (authkey)
key_revoke(authkey);
key_invalidate(authkey);
if (prep->expiry != TIME64_MAX) {
key->expiry = prep->expiry;
@ -616,7 +616,7 @@ int key_reject_and_link(struct key *key,
/* disable the authorisation key */
if (authkey)
key_revoke(authkey);
key_invalidate(authkey);
}
mutex_unlock(&key_construction_mutex);

2
security/keys/request_key.c
View File

@ -222,7 +222,7 @@ static int construct_key(struct key *key, const void *callout_info,
/* check that the actor called complete_request_key() prior to
* returning an error */
WARN_ON(ret < 0 &&
!test_bit(KEY_FLAG_REVOKED, &authkey->flags));
!test_bit(KEY_FLAG_INVALIDATED, &authkey->flags));
key_put(authkey);
kleave(" = %d", ret);