Message ID | 20171207175957.9630-3-kleber.souza@canonical.com |
---|---|
State | New |
Headers | show |
Series | [SRU,Zesty,1/1] KEYS: fix dereferencing NULL payload with nonzero length | expand |
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 3c7f6897fd5b..e09af189bd03 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -97,7 +97,7 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, /* pull the payload in if one was supplied */ payload = NULL; - if (_payload) { + if (plen) { ret = -ENOMEM; payload = kmalloc(plen, GFP_KERNEL | __GFP_NOWARN); if (!payload) { @@ -327,7 +327,7 @@ long keyctl_update_key(key_serial_t id, /* pull the payload in if one was supplied */ payload = NULL; - if (_payload) { + if (plen) { ret = -ENOMEM; payload = kmalloc(plen, GFP_KERNEL); if (!payload)