KEYS: Change the name of the dead type to ".dead" to prevent user access

[pandora-kernel.git] / security / keys / gc.c

diff --git a/security/keys/gc.c b/security/keys/gc.c
index 207e968..b67f6a2 100644 (file)
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -46,7 +46,7 @@ static unsigned long key_gc_flags;
  * immediately unlinked.
  */
 struct key_type key_type_dead = {
-       .name = "dead",
+       .name = ".dead",
 };
 
 /*
@@ -172,8 +172,10 @@ static noinline void key_gc_unused_key(struct key *key)
 {
        key_check(key);
 
-       /* Throw away the key data */
-       if (key->type->destroy)
+       /* Throw away the key data if the key is instantiated */
+       if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
+           !test_bit(KEY_FLAG_NEGATIVE, &key->flags) &&
+           key->type->destroy)
                key->type->destroy(key);
 
        security_key_free(key);