Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 0e1fc5ef470cc1d157005c437a434868d59fead4^! / . / fs / ecryptfs / main.c
commit0e1fc5ef470cc1d157005c437a434868d59fead4[log] [tgz]
authorRoberto Sassu <roberto.sassu@polito.it>Mon Mar 21 16:00:53 2011 +0100
committerTyler Hicks <tyhicks@linux.vnet.ibm.com>Mon Mar 28 01:49:41 2011 -0500
treea15889a237ad7db00ef695d4338286e663127ee0
parent7762e230fd31fcc1abc03ba32ee957fadc8eafb4 [diff] [blame]
eCryptfs: verify authentication tokens before their use

Authentication tokens content may change if another requestor calls the
update() method of the corresponding key. The new function
ecryptfs_verify_auth_tok_from_key() retrieves the authentication token from
the provided key and verifies if it is still valid before being used to
encrypt or decrypt an eCryptfs file.

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
[tyhicks: Minor formatting changes]
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>

diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 63e412c..520d05f 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c

@@ -239,14 +239,14 @@
 	struct ecryptfs_mount_crypt_stat *mount_crypt_stat)
 {
 	struct ecryptfs_global_auth_tok *global_auth_tok;
+	struct ecryptfs_auth_tok *auth_tok;
 	int rc = 0;
 
 	list_for_each_entry(global_auth_tok,
 			    &mount_crypt_stat->global_auth_tok_list,
 			    mount_crypt_stat_list) {
 		rc = ecryptfs_keyring_auth_tok_for_sig(
-			&global_auth_tok->global_auth_tok_key,
-			&global_auth_tok->global_auth_tok,
+			&global_auth_tok->global_auth_tok_key, &auth_tok,
 			global_auth_tok->sig);
 		if (rc) {
 			printk(KERN_ERR "Could not find valid key in user "