From 1d75e29b237850f1d666a8d2f3a3846516dca43c Mon Sep 17 00:00:00 2001 From: Kevin Kuehler Date: Wed, 27 Nov 2019 16:35:15 -0800 Subject: [PATCH] shared/ask-password-api: modify keyctl break value We can break if KEYCTL_READ return value is equal to our buffer size. From keyctl(2): On a successful return, the return value is always the total size of the payload data. To determine whether the buffer was of sufficient size, check to see that the return value is less than or equal to the value supplied in arg4. (cherry picked from commit 6da498c28f2598bea4d651756485f57d54e379f4) --- src/shared/ask-password-api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index 60f6f60d81..bd077ebf0f 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -80,7 +80,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) { n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) p, (unsigned long) m, 0); if (n < 0) return -errno; - if ((size_t) n < m) { + if ((size_t) n <= m) { nfinal = (size_t) n; pfinal = TAKE_PTR(p); break; -- 2.25.1