From 0e1fc5ef470cc1d157005c437a434868d59fead4 Mon Sep 17 00:00:00 2001 From: Roberto Sassu Date: Mon, 21 Mar 2011 16:00:53 +0100 Subject: eCryptfs: verify authentication tokens before their use Authentication tokens content may change if another requestor calls the update() method of the corresponding key. The new function ecryptfs_verify_auth_tok_from_key() retrieves the authentication token from the provided key and verifies if it is still valid before being used to encrypt or decrypt an eCryptfs file. Signed-off-by: Roberto Sassu [tyhicks: Minor formatting changes] Signed-off-by: Tyler Hicks --- fs/ecryptfs/main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'fs/ecryptfs/main.c') diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 63e412cf0fa..520d05f5ad0 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c @@ -239,14 +239,14 @@ static int ecryptfs_init_global_auth_toks( struct ecryptfs_mount_crypt_stat *mount_crypt_stat) { struct ecryptfs_global_auth_tok *global_auth_tok; + struct ecryptfs_auth_tok *auth_tok; int rc = 0; list_for_each_entry(global_auth_tok, &mount_crypt_stat->global_auth_tok_list, mount_crypt_stat_list) { rc = ecryptfs_keyring_auth_tok_for_sig( - &global_auth_tok->global_auth_tok_key, - &global_auth_tok->global_auth_tok, + &global_auth_tok->global_auth_tok_key, &auth_tok, global_auth_tok->sig); if (rc) { printk(KERN_ERR "Could not find valid key in user " -- cgit v1.2.3-18-g5258