diff options
author | David Howells <dhowells@redhat.com> | 2013-12-02 11:24:19 +0000 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2013-12-02 11:24:19 +0000 |
commit | 9c5e45df215b4788f7a41c983ce862d08a083c2d (patch) | |
tree | 8cc80b01bfd2501b21e84688f4d34bb9516a17da /security/keys/compat.c | |
parent | 23fd78d76415729b338ff1802a0066b4a62f7fb8 (diff) |
KEYS: Fix searching of nested keyrings
If a keyring contains more than 16 keyrings (the capacity of a single node in
the associative array) then those keyrings are split over multiple nodes
arranged as a tree.
If search_nested_keyrings() is called to search the keyring then it will
attempt to manually walk over just the 0 branch of the associative array tree
where all the keyring links are stored. This works provided the key is found
before the algorithm steps from one node containing keyrings to a child node
or if there are sufficiently few keyring links that the keyrings are all in
one node.
However, if the algorithm does need to step from a node to a child node, it
doesn't change the node pointer unless a shortcut also gets transited. This
means that the algorithm will keep scanning the same node over and over again
without terminating and without returning.
To fix this, move the internal-pointer-to-node translation from inside the
shortcut transit handler so that it applies it to node arrival as well.
This can be tested by:
r=`keyctl newring sandbox @s`
for ((i=0; i<=16; i++)); do keyctl newring ring$i $r; done
for ((i=0; i<=16; i++)); do keyctl add user a$i a %:ring$i; done
for ((i=0; i<=16; i++)); do keyctl search $r user a$i; done
for ((i=17; i<=20; i++)); do keyctl search $r user a$i; done
The searches should all complete successfully (or with an error for 17-20),
but instead one or more of them will hang.
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Stephen Gallagher <sgallagh@redhat.com>
Diffstat (limited to 'security/keys/compat.c')
0 files changed, 0 insertions, 0 deletions