pkcs7: return correct error code if pkcs7_check_authattrs() fails

If pkcs7_check_authattrs() returns an error code, we should pass that error code on, rather than using ENOMEM. Fixes: 99db4435 ("PKCS#7: Appropriately restrict authenticated attributes and content type") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: James Morris <james.l.morris@oracle.com>

pkcs7: return correct error code if pkcs7_check_authattrs() fails
If pkcs7_check_authattrs() returns an error code, we should pass that error code on, rather than using ENOMEM. Fixes: 99db4435 ("PKCS#7: Appropriately restrict authenticated attributes and content type") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: James Morris <james.l.morris@oracle.com>
8ecb506d · Eric Biggers · David Howells · 8dfd2f22 · 8ecb506d
Commit 8ecb506d authored Dec 08, 2017 by Eric Biggers Committed by David Howells Dec 08, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

crypto/asymmetric_keys/pkcs7_parser.c crypto/asymmetric_keys/pkcs7_parser.c +3 -1

No files found.
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -148,8 +148,10 @@ struct pkcs7_message *pkcs7_parse_message(const void *data, size_t datalen)
 	}

 	ret = pkcs7_check_authattrs(ctx->msg);
-	if (ret < 0)
+	if (ret < 0) {
+		msg = ERR_PTR(ret);
 		goto out;
+	}

 	msg = ctx->msg;
 	ctx->msg = NULL;