diff options
author | Jeff Layton <jlayton@redhat.com> | 2008-09-24 11:32:59 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2008-09-24 20:59:37 +0000 |
commit | dfd15c46a6c2cafb006183c0c14f07e59eee4ac0 (patch) | |
tree | bfd9c0f4be99841c2638bfe6985676bb789b0610 /fs/cifs | |
parent | d9414774dc0c7b395036deeca000af42e2d13612 (diff) | |
download | talos-op-linux-dfd15c46a6c2cafb006183c0c14f07e59eee4ac0.tar.gz talos-op-linux-dfd15c46a6c2cafb006183c0c14f07e59eee4ac0.zip |
cifs: explicitly revoke SPNEGO key after session setup
cifs: explicitly revoke SPNEGO key after session setup
The SPNEGO blob returned by an upcall can only be used once. Explicitly
revoke it to make sure that we never pick it up again after session
setup exits.
This doesn't seem to be that big an issue on more recent kernels, but
older kernels seem to link keys into the session keyring by default.
That said, explicitly revoking the key seems like a reasonable thing
to do here.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs')
-rw-r--r-- | fs/cifs/sess.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c index 252fdc0567f1..2851d5da0c8c 100644 --- a/fs/cifs/sess.c +++ b/fs/cifs/sess.c @@ -624,8 +624,10 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, int first_time, ses, nls_cp); ssetup_exit: - if (spnego_key) + if (spnego_key) { + key_revoke(spnego_key); key_put(spnego_key); + } kfree(str_area); if (resp_buf_type == CIFS_SMALL_BUFFER) { cFYI(1, ("ssetup freeing small buf %p", iov[0].iov_base)); |