Re: [PATCH 4.4 11/41] KEYS: fix writing past end of user-supplied buffer in keyring_read()

From: David Howells
Date: Thu Oct 19 2017 - 11:27:37 EST


Eric Biggers <ebiggers@xxxxxxxxxx> wrote:

> Hi Ben, thanks for pointing this out. I had assumed the "obvious" semantics,
> but it turns out that's not what's documented.

The manpage is correct. keyctl_read_alloc() in libkeyutils relies on the
behaviour documented there with respect to the full size of the data always
being returned, even if the buffer was too small.

The keyring cannot be modified whilst it is being read, so that's not a
concern.

keyctl_read_alloc() doesn't care if the buffer actually gets written to or
not, but it's best to honour the manpage.

David