On Thu, 28 Sep 2017, Eric Biggers wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > A key of type "encrypted" references a "master key" which is used to > encrypt and decrypt the encrypted key's payload. However, when we > accessed the master key's payload, we failed to handle the case where > the master key has been revoked, which sets the payload pointer to NULL. > Note that request_key() *does* skip revoked keys, but there is still a > window where the key can be revoked before we acquire its semaphore. > > Fix it by checking for a NULL payload, treating it like a key which was > already revoked at the time it was requested. > > This was an issue for master keys of type "user" only. Master keys can > also be of type "trusted", but those cannot be revoked. > > Fixes: 7e70cb497850 ("keys: add new key-type encrypted") > Cc: <stable@xxxxxxxxxxxxxxx> [v2.6.38+] > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> Reviewed-by: James Morris <james.l.morris@xxxxxxxxxx> -- James Morris <jmorris@xxxxxxxxx>