From: Jarkko Sakkinen <[email protected]>
commit 8da7520c80468c48f981f0b81fc1be6599e3b0ad upstream.
Consider the following transcript:
$ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000
migratable=1" @u
add_key: Invalid argument
The documentation has the following description:
migratable= 0|1 indicating permission to reseal to new PCR values,
default 1 (resealing allowed)
The consequence is that "migratable=1" should succeed. Fix this by
allowing this condition to pass instead of return -EINVAL.
[*] Documentation/security/keys/trusted-encrypted.rst
Cc: [email protected]
Cc: "James E.J. Bottomley" <[email protected]>
Cc: Mimi Zohar <[email protected]>
Cc: David Howells <[email protected]>
Fixes: d00a1c72f7f4 ("keys: add new trusted key-type")
Signed-off-by: Jarkko Sakkinen <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
security/keys/trusted.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -797,7 +797,7 @@ static int getoptions(char *c, struct tr
case Opt_migratable:
if (*args[0].from == '0')
pay->migratable = 0;
- else
+ else if (*args[0].from != '1')
return -EINVAL;
break;
case Opt_pcrlock:
