commit 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0
author Mimi Zohar <zohar@linux.vnet.ibm.com> Thu Jan 07 07:46:36 2016 -0500
committer Mimi Zohar <zohar@linux.vnet.ibm.com> Thu Jan 07 12:56:42 2016 -0500
tree f875b8a19d539701b31ea4ffce40eee77c701103
parent 6427e6c71c8b374761b661c4f355762794c171a1

KEYS: refcount bug fix

This patch fixes the key_ref leak, removes the unnecessary KEY_FLAG_KEEP
test before setting the flag, and cleans up the if/then brackets style
introduced in commit:
d3600bc KEYS: prevent keys from being removed from specified keyrings

Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>

security/keys/key.c

diff --git a/security/keys/key.c b/security/keys/key.c
index 09ef276..07a8731 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -430,8 +430,7 @@
 
 			/* and link it into the destination keyring */
 			if (keyring) {
-				if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-					set_bit(KEY_FLAG_KEEP, &key->flags);
+				set_bit(KEY_FLAG_KEEP, &key->flags);
 
 				__key_link(key, _edit);
 			}

security/keys/keyctl.c

diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index e83ec6b..8f9f323 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -381,12 +381,11 @@
 	}
 
 	key = key_ref_to_ptr(key_ref);
+	ret = 0;
 	if (test_bit(KEY_FLAG_KEEP, &key->flags))
-		return -EPERM;
-	else {
+		ret = -EPERM;
+	else
 		key_revoke(key);
-		ret = 0;
-	}
 
 	key_ref_put(key_ref);
 error:
@@ -432,12 +431,11 @@
 
 invalidate:
 	key = key_ref_to_ptr(key_ref);
+	ret = 0;
 	if (test_bit(KEY_FLAG_KEEP, &key->flags))
 		ret = -EPERM;
-	else {
+	else
 		key_invalidate(key);
-		ret = 0;
-	}
 error_put:
 	key_ref_put(key_ref);
 error:
@@ -1352,12 +1350,11 @@
 
 okay:
 	key = key_ref_to_ptr(key_ref);
+	ret = 0;
 	if (test_bit(KEY_FLAG_KEEP, &key->flags))
 		ret = -EPERM;
-	else {
+	else
 		key_set_timeout(key, timeout);
-		ret = 0;
-	}
 	key_put(key);
 
 error: