On Thu, 26 Oct 2017, Eric Biggers wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > Commit e645016abc80 ("KEYS: fix writing past end of user-supplied buffer > in keyring_read()") made keyring_read() stop corrupting userspace memory > when the user-supplied buffer is too small. However it also made the > return value in that case be the short buffer size rather than the size > required, yet keyctl_read() is actually documented to return the size > required. Therefore, switch it over to the documented behavior. > > Note that for now we continue to have it fill the short buffer, since it > did that before (pre-v3.13) and dump_key_tree_aux() in keyutils arguably > relies on it. > > Fixes: e645016abc80 ("KEYS: fix writing past end of user-supplied buffer in keyring_read()") > Reported-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> > Cc: <stable@xxxxxxxxxxxxxxx> # v3.13+ > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> Reviewed-by: James Morris <james.l.morris@xxxxxxxxxx> -- James Morris <james.l.morris@xxxxxxxxxx>