Re: [PATCH] pkcs7: return correct error code if pkcs7_check_authattrs() fails

[James Morris <james.l.morris@xxxxxxxxxx>]

On Sun, 26 Nov 2017, Eric Biggers wrote:

> From: Eric Biggers <ebiggers@xxxxxxxxxx>
> 
> If pkcs7_check_authattrs() returns an error code, we should pass that
> error code on, rather than using ENOMEM.
> 
> Fixes: 99db44350672 ("PKCS#7: Appropriately restrict authenticated attributes and content type")
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---
>  crypto/asymmetric_keys/pkcs7_parser.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
> index c1ca1e86f5c4..a6dcaa659aa8 100644
> --- a/crypto/asymmetric_keys/pkcs7_parser.c
> +++ b/crypto/asymmetric_keys/pkcs7_parser.c
> @@ -148,8 +148,10 @@ struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
>  	}
>  
>  	ret = pkcs7_check_authattrs(ctx->msg);
> -	if (ret < 0)
> +	if (ret < 0) {
> +		msg = ERR_PTR(ret);
>  		goto out;
> +	}
>  
>  	msg = ctx->msg;
>  	ctx->msg = NULL;


Reviewed-by: James Morris <james.l.morris@xxxxxxxxxx>

-- 
James Morris
<james.l.morris@xxxxxxxxxx>