On Mon, Apr 03, 2017 at 04:52:50PM +0000, Joe Richey wrote: > From: Joe Richey <joerichey@xxxxxxxxxx> > > Due to some interesting behaviour in keyctl (as described in the > comments), we use KEYCTL_GET_KEYRING_ID to translate the special value > of KEY_SPEC_SESSION_KEYRING to a real keyring id. However, how we > currently do this is flawed in two ways. > > First, if KEYCTL_GET_KEYRING_ID fails, we don't detect it as it returns > -1 and zero is used for an error value in get_keyring_id. Second, if the > user specifies "-k @s" the translation never runs and the undesireable > behavior occurs. > > These are both fixed by doing the translation outside of get_keyring_id. > > Signed-off-by: Joe Richey <joerichey@xxxxxxxxxx> Thanks, applied. - Ted
