diff --git a/drivers/net/usb/cdc-phonet.c b/drivers/net/usb/cdc-phonet.c
index 7d78669000d704d8448aea5e24a8a73c312badfc..af49e8fcd711306c1a35ea28f13174561ccba9ce 100644
--- a/drivers/net/usb/cdc-phonet.c
+++ b/drivers/net/usb/cdc-phonet.c
@@ -343,9 +343,9 @@ int usbpn_probe(struct usb_interface *intf, const struct usb_device_id *id)
data = intf->altsetting->extra;
len = intf->altsetting->extralen;
- while (len >= 3) {
+ while (len > 0) {
u8 dlen = data[0];
- if (dlen < 3)
+ if ((len < dlen) || (dlen < 3 ))
return -EINVAL;
/* bDescriptorType */
diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cdc_ether.c
index b1897c7afdd8da3cc23a31e690fb092255031fa9..71e11ebf11a3253a329ccd41b40aed94b6b479b1 100644
--- a/drivers/net/usb/cdc_ether.c
+++ b/drivers/net/usb/cdc_ether.c
@@ -128,7 +128,13 @@ int usbnet_generic_cdc_bind(struct usbnet *dev, struct usb_interface *intf)
memset(info, 0, sizeof *info);
info->control = intf;
- while (len > 3) {
+ while (len > 0) {
+
+ if ((len < buf [0]) || (buf [0] < 3)) {
+ dev_dbg(&intf->dev, "invalid descriptor buffer length\n");
+ goto bad_desc;
+ }
+
if (buf [1] != USB_DT_CS_INTERFACE)
goto next_desc;
diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index 43204f4be2da50d0041bc4b1bf03a8d69153cdfc..15ffe00aabbe360e687aa4f327b220a6bce62e6a 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -235,9 +235,14 @@ static int qmi_wwan_bind(struct usbnet *dev, struct usb_interface *intf)
info->data = intf;
/* and a number of CDC descriptors */
- while (len > 3) {
+ while (len > 0) {
struct usb_descriptor_header *h = (void *)buf;
+ if ((len < buf[0]) || (buf[0] < 3)) {
+ dev_dbg(&intf->dev, "invalid descriptor buffer length\n");
+ goto err;
+ }
+
/* ignore any misplaced descriptors */
if (h->bDescriptorType != USB_DT_CS_INTERFACE)
goto next_desc;
diff --git a/drivers/net/wireless/bcmdhd/wl_cfg80211.c b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
index e7ababd395be6ffdc84ed5d2fa5f7fd464b216c0..72243f219f4d4d7e80e16dd95a523f79480c09cb 100644
--- a/drivers/net/wireless/bcmdhd/wl_cfg80211.c
+++ b/drivers/net/wireless/bcmdhd/wl_cfg80211.c
@@ -8930,6 +8930,32 @@ static s32 wl_get_assoc_ies(struct bcm_cfg80211 *cfg, struct net_device *ndev)
assoc_info.req_len = htod32(assoc_info.req_len);
assoc_info.resp_len = htod32(assoc_info.resp_len);
assoc_info.flags = htod32(assoc_info.flags);
+
+ if (assoc_info.req_len >
+ (MAX_REQ_LINE + sizeof(struct dot11_assoc_req) +
+ ((assoc_info.flags & WLC_ASSOC_REQ_IS_REASSOC) ?
+ ETHER_ADDR_LEN : 0))) {
+ err = BCME_BADLEN;
+ goto exit;
+ }
+ if ((assoc_info.req_len > 0) &&
+ (assoc_info.req_len < (sizeof(struct dot11_assoc_req) +
+ ((assoc_info.flags & WLC_ASSOC_REQ_IS_REASSOC) ?
+ ETHER_ADDR_LEN : 0)))) {
+ err = BCME_BADLEN;
+ goto exit;
+ }
+ if (assoc_info.resp_len >
+ (MAX_REQ_LINE + sizeof(struct dot11_assoc_resp))) {
+ err = BCME_BADLEN;
+ goto exit;
+ }
+ if ((assoc_info.resp_len > 0) &&
+ (assoc_info.resp_len < sizeof(struct dot11_assoc_resp))) {
+ err = BCME_BADLEN;
+ goto exit;
+ }
+
if (conn_info->req_ie_len) {
conn_info->req_ie_len = 0;
bzero(conn_info->req_ie, sizeof(conn_info->req_ie));
@@ -8938,48 +8964,42 @@ static s32 wl_get_assoc_ies(struct bcm_cfg80211 *cfg, struct net_device *ndev)
conn_info->resp_ie_len = 0;
bzero(conn_info->resp_ie, sizeof(conn_info->resp_ie));
}
+
if (assoc_info.req_len) {
- err = wldev_iovar_getbuf(ndev, "assoc_req_ies", NULL, 0, cfg->extra_buf,
- WL_ASSOC_INFO_MAX, NULL);
+ err = wldev_iovar_getbuf(ndev, "assoc_req_ies", NULL, 0,
+ cfg->extra_buf, WL_ASSOC_INFO_MAX, NULL);
if (unlikely(err)) {
WL_ERR(("could not get assoc req (%d)\n", err));
- return err;
+ goto exit;
}
- conn_info->req_ie_len = assoc_info.req_len - sizeof(struct dot11_assoc_req);
+ conn_info->req_ie_len = assoc_info.req_len -
+ sizeof(struct dot11_assoc_req);
if (assoc_info.flags & WLC_ASSOC_REQ_IS_REASSOC) {
conn_info->req_ie_len -= ETHER_ADDR_LEN;
}
- if (conn_info->req_ie_len <= MAX_REQ_LINE)
- memcpy(conn_info->req_ie, cfg->extra_buf, conn_info->req_ie_len);
- else {
- WL_ERR(("IE size %d above max %d size \n",
- conn_info->req_ie_len, MAX_REQ_LINE));
- return err;
- }
- } else {
- conn_info->req_ie_len = 0;
+ memcpy(conn_info->req_ie, cfg->extra_buf,
+ conn_info->req_ie_len);
}
+
if (assoc_info.resp_len) {
- err = wldev_iovar_getbuf(ndev, "assoc_resp_ies", NULL, 0, cfg->extra_buf,
- WL_ASSOC_INFO_MAX, NULL);
+ err = wldev_iovar_getbuf(ndev, "assoc_resp_ies", NULL, 0,
+ cfg->extra_buf, WL_ASSOC_INFO_MAX, NULL);
if (unlikely(err)) {
WL_ERR(("could not get assoc resp (%d)\n", err));
- return err;
- }
- conn_info->resp_ie_len = assoc_info.resp_len -sizeof(struct dot11_assoc_resp);
- if (conn_info->resp_ie_len <= MAX_REQ_LINE)
- memcpy(conn_info->resp_ie, cfg->extra_buf, conn_info->resp_ie_len);
- else {
- WL_ERR(("IE size %d above max %d size \n",
- conn_info->resp_ie_len, MAX_REQ_LINE));
- return err;
+ goto exit;
}
- } else {
- conn_info->resp_ie_len = 0;
+ conn_info->resp_ie_len =
+ assoc_info.resp_len - sizeof(struct dot11_assoc_resp);
+ memcpy(conn_info->resp_ie, cfg->extra_buf,
+ conn_info->resp_ie_len);
}
- WL_DBG(("req len (%d) resp len (%d)\n", conn_info->req_ie_len,
- conn_info->resp_ie_len));
+exit:
+ if (err) {
+ WL_ERR(("err:%d assoc-req:%u,resp:%u conn-req:%u,resp:%u\n",
+ err, assoc_info.req_len, assoc_info.resp_len,
+ conn_info->req_ie_len, conn_info->resp_ie_len));
+ }
return err;
}
diff --git a/drivers/net/wireless/bcmdhd/wl_cfg80211.h b/drivers/net/wireless/bcmdhd/wl_cfg80211.h
index 56701ca3306b9931020d7bc9a80ae839b88c1807..db89ca39afe4d1085fffb4f2139ab9cb653c5033 100644
--- a/drivers/net/wireless/bcmdhd/wl_cfg80211.h
+++ b/drivers/net/wireless/bcmdhd/wl_cfg80211.h
@@ -360,12 +360,12 @@ struct net_info {
};
/* association inform */
-#define MAX_REQ_LINE 1024
+#define MAX_REQ_LINE 1024u
struct wl_connect_info {
u8 req_ie[MAX_REQ_LINE];
- s32 req_ie_len;
+ u32 req_ie_len;
u8 resp_ie[MAX_REQ_LINE];
- s32 resp_ie_len;
+ u32 resp_ie_len;
};
/* firmware /nvram downloading controller */
diff --git a/drivers/net/wireless/bcmdhd/wl_cfgvendor.c b/drivers/net/wireless/bcmdhd/wl_cfgvendor.c
index ece2b39364e2238bb14c10cd8f3ab5d9312d9e79..32a95866fe30ab7d38f06740cf8fc4792925dcde 100644
--- a/drivers/net/wireless/bcmdhd/wl_cfgvendor.c
+++ b/drivers/net/wireless/bcmdhd/wl_cfgvendor.c
@@ -1955,35 +1955,6 @@ wl_cfgvendor_rtt_cancel_responder(struct wiphy *wiphy, struct wireless_dev *wdev
return err;
}
#endif /* RTT_SUPPORT */
-static int wl_cfgvendor_priv_string_handler(struct wiphy *wiphy,
- struct wireless_dev *wdev, const void *data, int len)
-{
- struct bcm_cfg80211 *cfg = wiphy_priv(wiphy);
- int err = 0;
- int data_len = 0;
-
- bzero(cfg->ioctl_buf, WLC_IOCTL_MAXLEN);
-
- if (strncmp((char *)data, BRCM_VENDOR_SCMD_CAPA, strlen(BRCM_VENDOR_SCMD_CAPA)) == 0) {
- err = wldev_iovar_getbuf(bcmcfg_to_prmry_ndev(cfg), "cap", NULL, 0,
- cfg->ioctl_buf, WLC_IOCTL_MAXLEN, &cfg->ioctl_buf_sync);
- if (unlikely(err)) {
- WL_ERR(("error (%d)\n", err));
- return err;
- }
- data_len = strlen(cfg->ioctl_buf);
- cfg->ioctl_buf[data_len] = '\0';
- }
-
- err = wl_cfgvendor_send_cmd_reply(wiphy, bcmcfg_to_prmry_ndev(cfg),
- cfg->ioctl_buf, data_len+1);
- if (unlikely(err))
- WL_ERR(("Vendor Command reply failed ret:%d \n", err));
- else
- WL_INFORM(("Vendor Command reply sent successfully!\n"));
-
- return err;
-}
#ifdef LINKSTAT_SUPPORT
#define NUM_RATE 32
@@ -2867,14 +2838,6 @@ exit:
static const struct wiphy_vendor_command wl_vendor_cmds [] = {
- {
- {
- .vendor_id = OUI_BRCM,
- .subcmd = BRCM_VENDOR_SCMD_PRIV_STR
- },
- .flags = WIPHY_VENDOR_CMD_NEED_WDEV | WIPHY_VENDOR_CMD_NEED_NETDEV,
- .doit = wl_cfgvendor_priv_string_handler
- },
#ifdef GSCAN_SUPPORT
{
{
diff --git a/drivers/net/wireless/bcmdhd/wl_cfgvendor.h b/drivers/net/wireless/bcmdhd/wl_cfgvendor.h
index e15666f720e5053b674505e36217b73e5fed2989..5a0ef5176c6acb2f548715f1605ef0dfa7f673e7 100644
--- a/drivers/net/wireless/bcmdhd/wl_cfgvendor.h
+++ b/drivers/net/wireless/bcmdhd/wl_cfgvendor.h
@@ -413,9 +413,6 @@ typedef enum gscan_complete_event {
WIFI_SCAN_BUFFER_THR_BREACHED
} gscan_complete_event_t;
-/* Capture the BRCM_VENDOR_SUBCMD_PRIV_STRINGS* here */
-#define BRCM_VENDOR_SCMD_CAPA "cap"
-
#if (LINUX_VERSION_CODE > KERNEL_VERSION(3, 13, 0)) || defined(WL_VENDOR_EXT_SUPPORT)
extern int wl_cfgvendor_attach(struct wiphy *wiphy, dhd_pub_t *dhd);
extern int wl_cfgvendor_detach(struct wiphy *wiphy);
diff --git a/drivers/platform/msm/ipa/ipa_hdr.c b/drivers/platform/msm/ipa/ipa_hdr.c
index 92974c7878ed4f3a660f5dc7f52512181900342e..94f0529b00db664d3111da0fe0375b47040c6473 100644
--- a/drivers/platform/msm/ipa/ipa_hdr.c
+++ b/drivers/platform/msm/ipa/ipa_hdr.c
@@ -809,8 +809,17 @@ int __ipa_del_hdr(u32 hdr_hdl, bool by_user)
return -EINVAL;
}
- if (by_user)
+ if (by_user) {
+ if (!strcmp(entry->name, IPA_LAN_RX_HDR_NAME)) {
+ IPADBG("Trying to delete hdr %s offset=%u\n",
+ entry->name, entry->offset_entry->offset);
+ if (!entry->offset_entry->offset) {
+ IPAERR("User cannot delete default header\n");
+ return -EPERM;
+ }
+ }
entry->user_deleted = true;
+ }
if (--entry->ref_cnt) {
IPADBG("hdr_hdl %x ref_cnt %d\n", hdr_hdl, entry->ref_cnt);
@@ -1113,8 +1122,19 @@ int ipa_reset_hdr(void)
&ipa_ctx->hdr_tbl.head_hdr_entry_list, link) {
/* do not remove the default header */
- if (!strcmp(entry->name, IPA_LAN_RX_HDR_NAME))
- continue;
+ if (!strcmp(entry->name, IPA_LAN_RX_HDR_NAME)) {
+ IPADBG("Trying to remove hdr %s offset=%u\n",
+ entry->name, entry->offset_entry->offset);
+ if (!entry->offset_entry->offset) {
+ if (entry->is_hdr_proc_ctx) {
+ mutex_unlock(&ipa_ctx->lock);
+ WARN_ON(1);
+ return -EFAULT;
+ }
+ IPADBG("skip default header\n");
+ continue;
+ }
+ }
if (ipa_id_find(entry->id) == NULL) {
WARN_ON(1);
diff --git a/drivers/platform/msm/ipa/rmnet_ipa.c b/drivers/platform/msm/ipa/rmnet_ipa.c
index ba5426fd0e855b932b577b77277d56b29c3255b0..6ff19436a2c9735119b4d48e76335e0db6868903 100644
--- a/drivers/platform/msm/ipa/rmnet_ipa.c
+++ b/drivers/platform/msm/ipa/rmnet_ipa.c
@@ -375,12 +375,15 @@ int copy_ul_filter_rule_to_ipa(struct ipa_install_fltr_rule_req_msg_v01
{
int rc = 0, i, j;
+ /* prevent multi-threads accessing num_q6_rule */
+ mutex_lock(&add_mux_channel_lock);
if (rule_req->filter_spec_list_valid == true) {
num_q6_rule = rule_req->filter_spec_list_len;
IPAWANDBG("Received (%d) install_flt_req\n", num_q6_rule);
} else {
num_q6_rule = 0;
IPAWANERR("got no UL rules from modem\n");
+ mutex_unlock(&add_mux_channel_lock);
return -EINVAL;
}
/* copy UL filter rules from Modem*/
@@ -539,6 +542,7 @@ int copy_ul_filter_rule_to_ipa(struct ipa_install_fltr_rule_req_msg_v01
ipv4_frag_eq_present = rule_req->filter_spec_list[i].
filter_rule.ipv4_frag_eq_present;
}
+ mutex_unlock(&add_mux_channel_lock);
return rc;
}
@@ -1329,8 +1333,11 @@ static int ipa_wwan_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
IPAWANERR("failed to config egress endpoint\n");
if (num_q6_rule != 0) {
+ /* protect num_q6_rule */
+ mutex_lock(&add_mux_channel_lock);
/* already got Q6 UL filter rules*/
rc = wwan_add_ul_flt_rule_to_ipa();
+ mutex_unlock(&add_mux_channel_lock);
egress_set = true;
if (rc)
IPAWANERR("install UL rules failed\n");
diff --git a/drivers/soc/qcom/qdsp6v2/apr.c b/drivers/soc/qcom/qdsp6v2/apr.c
index a295373ed88c4dcc98c8d33b34540034c53d273c..5f25054e9f02e62a26f4ade03bf464a6f52ed473 100644
--- a/drivers/soc/qcom/qdsp6v2/apr.c
+++ b/drivers/soc/qcom/qdsp6v2/apr.c
@@ -551,7 +551,8 @@ void apr_cb_func(void *buf, int len, void *priv)
temp_port = ((data.dest_port >> 8) * 8) + (data.dest_port & 0xFF);
pr_debug("port = %d t_port = %d\n", data.src_port, temp_port);
- if (c_svc->port_cnt && c_svc->port_fn[temp_port])
+ if (((temp_port >= 0) && (temp_port < APR_MAX_PORTS))
+ && (c_svc->port_cnt && c_svc->port_fn[temp_port]))
c_svc->port_fn[temp_port](&data, c_svc->port_priv[temp_port]);
else if (c_svc->fn)
c_svc->fn(&data, c_svc->priv);
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 31e965297c527dcf5ad33444f312a9a05643385a..2cf90208e3bc7deda6f751cd48ecac5df40a5440 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1025,6 +1025,11 @@ static int acm_probe(struct usb_interface *intf,
}
while (buflen > 0) {
+ if ((buflen < buffer[0]) || (buffer[0] < 3)) {
+ dev_err(&intf->dev, "invalid descriptor buffer length\n");
+ break;
+ }
+
if (buffer[1] != USB_DT_CS_INTERFACE) {
dev_err(&intf->dev, "skipping garbage\n");
goto next_desc;
diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c
index 6463ca3bcfbacee84d0155291f10df812f650940..010ff5bafb6049a6374cb1167cd3e85de6aa41e4 100644
--- a/drivers/usb/class/cdc-wdm.c
+++ b/drivers/usb/class/cdc-wdm.c
@@ -839,7 +839,12 @@ static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
if (!buffer)
goto err;
- while (buflen > 2) {
+ while (buflen > 0) {
+ if ((buflen < buffer[0]) || (buffer[0] < 3)) {
+ dev_err(&intf->dev, "invalid descriptor buffer length\n");
+ goto err;
+ }
+
if (buffer[1] != USB_DT_CS_INTERFACE) {
dev_err(&intf->dev, "skipping garbage\n");
goto next_desc;
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index c9b79f481939349f4da0596f4aceba11fbc76e71..b304648a759a418dbb3bd9b3dfb5d695783ee2c3 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -473,11 +473,16 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
u8 tos;
int err;
struct ip_options_data opt_copy;
+ int hdrincl;
err = -EMSGSIZE;
if (len > 0xFFFF)
goto out;
+ /* hdrincl should be READ_ONCE(inet->hdrincl)
+ * but READ_ONCE() doesn't work with bit fields
+ */
+ hdrincl = inet->hdrincl;
/*
* Check the flags.
*/
@@ -548,7 +553,7 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
/* Linux does not mangle headers on raw sockets,
* so that IP options + IP_HDRINCL is non-sense.
*/
- if (inet->hdrincl)
+ if (hdrincl)
goto done;
if (ipc.opt->opt.srr) {
if (!daddr)
@@ -570,12 +575,12 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos,
RT_SCOPE_UNIVERSE,
- inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
+ hdrincl ? IPPROTO_RAW : sk->sk_protocol,
inet_sk_flowi_flags(sk) | FLOWI_FLAG_CAN_SLEEP |
- (inet->hdrincl ? FLOWI_FLAG_KNOWN_NH : 0),
+ (hdrincl ? FLOWI_FLAG_KNOWN_NH : 0),
daddr, saddr, 0, 0, sk->sk_uid);
- if (!inet->hdrincl) {
+ if (!hdrincl) {
err = raw_probe_proto_opt(&fl4, msg);
if (err)
goto done;
@@ -597,7 +602,7 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
goto do_confirm;
back_from_confirm:
- if (inet->hdrincl)
+ if (hdrincl)
err = raw_send_hdrinc(sk, &fl4, msg->msg_iov, len,
&rt, msg->msg_flags);
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 4cca5fd91f337cef4dd8536bdf981b5ffd63b25c..0da9035d7c6fe073ebaeff0e0178a3c2ce623b7e 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -458,6 +458,14 @@ nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
};
+/* policy for packet pattern attributes */
+static const struct nla_policy
+nl80211_packet_pattern_policy[MAX_NL80211_WOWLAN_PKTPAT + 1] = {
+ [NL80211_WOWLAN_PKTPAT_MASK] = { .type = NLA_BINARY, },
+ [NL80211_WOWLAN_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
+ [NL80211_WOWLAN_PKTPAT_OFFSET] = { .type = NLA_U32 },
+};
+
static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
struct netlink_callback *cb,
struct cfg80211_registered_device **rdev,
@@ -8128,7 +8136,7 @@ static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
rem) {
nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
- nla_data(pat), nla_len(pat), NULL);
+ nla_data(pat), nla_len(pat), nl80211_packet_pattern_policy);
err = -EINVAL;
if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
!pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index c4c8df4b214d9f0bc2f941e0144526b3260a7a1f..258bd532cbf3b734665ba7871caff99fda7a9571 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -141,23 +141,22 @@ static int valid_ecryptfs_desc(const char *ecryptfs_desc)
*/
static int valid_master_desc(const char *new_desc, const char *orig_desc)
{
- if (!memcmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN)) {
- if (strlen(new_desc) == KEY_TRUSTED_PREFIX_LEN)
- goto out;
- if (orig_desc)
- if (memcmp(new_desc, orig_desc, KEY_TRUSTED_PREFIX_LEN))
- goto out;
- } else if (!memcmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN)) {
- if (strlen(new_desc) == KEY_USER_PREFIX_LEN)
- goto out;
- if (orig_desc)
- if (memcmp(new_desc, orig_desc, KEY_USER_PREFIX_LEN))
- goto out;
- } else
- goto out;
+ int prefix_len;
+
+ if (!strncmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN))
+ prefix_len = KEY_TRUSTED_PREFIX_LEN;
+ else if (!strncmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN))
+ prefix_len = KEY_USER_PREFIX_LEN;
+ else
+ return -EINVAL;
+
+ if (!new_desc[prefix_len])
+ return -EINVAL;
+
+ if (orig_desc && strncmp(new_desc, orig_desc, prefix_len))
+ return -EINVAL;
+
return 0;
-out:
- return -EINVAL;
}
/*