[PATCH] Keys: Fix permissions check for update vs add

[deliverable/linux.git] / security / keys / keyring.c

diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index e1cc4dd7901221352185e71daeffe1f3f779e325..4e9fa8be44b8e7071c75cb9f03ea5c2cb6d819bd 100644 (file)
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -434,8 +434,8 @@ ascend:
                if (sp >= KEYRING_SEARCH_MAX_DEPTH)
                        continue;
 
-               if (!key_task_permission(make_key_ref(key, possessed),
-                                        context, KEY_SEARCH) < 0)
+               if (key_task_permission(make_key_ref(key, possessed),
+                                       context, KEY_SEARCH) < 0)
                        continue;
 
                /* stack the current position */
@@ -526,7 +526,7 @@ key_ref_t __keyring_search_one(key_ref_t keyring_ref,
                            (!key->type->match ||
                             key->type->match(key, description)) &&
                            key_permission(make_key_ref(key, possessed),
-                                          perm) < 0 &&
+                                          perm) == 0 &&
                            !test_bit(KEY_FLAG_REVOKED, &key->flags)
                            )
                                goto found;
@@ -621,8 +621,8 @@ struct key *find_keyring_by_name(const char *name, key_serial_t bound)
                        if (strcmp(keyring->description, name) != 0)
                                continue;
 
-                       if (!key_permission(make_key_ref(keyring, 0),
-                                           KEY_SEARCH) < 0)
+                       if (key_permission(make_key_ref(keyring, 0),
+                                          KEY_SEARCH) < 0)
                                continue;
 
                        /* found a potential candidate, but we still need to