KEYS: Add a key type op to permit the key description to be vetted

Add a key type operation to permit the key type to vet the description of a new key that key_alloc() is about to allocate. The operation may reject the description if it wishes with an error of its choosing. If it does this, the key will not be allocated. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
2025-07-22 23:04:43 +00:00 · 2011-03-07 15:05:59 +00:00 · 2011-03-07 15:05:59 +00:00 · b9fffa3877
commit b9fffa3877
parent 633e804e89
4 changed files with 37 additions and 0 deletions
--- a/net/rxrpc/ar-key.c
+++ b/net/rxrpc/ar-key.c
@ -25,6 +25,7 @@
 #include <keys/user-type.h>
 #include "ar-internal.h"

+static int rxrpc_vet_description_s(const char *);
 static int rxrpc_instantiate(struct key *, const void *, size_t);
 static int rxrpc_instantiate_s(struct key *, const void *, size_t);
 static void rxrpc_destroy(struct key *);
@ -52,12 +53,30 @@ EXPORT_SYMBOL(key_type_rxrpc);
 */
 struct key_type key_type_rxrpc_s = {
 	.name		= "rxrpc_s",
+	.vet_description = rxrpc_vet_description_s,
 	.instantiate	= rxrpc_instantiate_s,
 	.match		= user_match,
 	.destroy	= rxrpc_destroy_s,
 	.describe	= rxrpc_describe,
 };

+/*
+ * Vet the description for an RxRPC server key
+ */
+static int rxrpc_vet_description_s(const char *desc)
+{
+	unsigned long num;
+	char *p;
+
+	num = simple_strtoul(desc, &p, 10);
+	if (*p != ':' || num > 65535)
+		return -EINVAL;
+	num = simple_strtoul(p + 1, &p, 10);
+	if (*p || num < 1 || num > 255)
+		return -EINVAL;
+	return 0;
+}
+
 /*
 * parse an RxKAD type XDR format token
 * - the caller guarantees we have at least 4 words