From: Yu Watanabe Date: Tue, 30 Nov 2021 14:05:15 +0000 (+0900) Subject: ask-password: fix error handling X-Git-Tag: v250-rc1~104^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16edfadc6773265967be37b63ab6ce00f8b49157;p=thirdparty%2Fsystemd.git ask-password: fix error handling ERRNO_IS_NOT_SUPPORTED() also matches positive values. Fortunately, lookup_key() does not return positive values. --- diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index 07e301276f7..b6cdb995968 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -153,15 +153,16 @@ static int ask_password_keyring(const char *keyname, AskPasswordFlags flags, cha return -EUNATCH; r = lookup_key(keyname, &serial); - if (ERRNO_IS_NOT_SUPPORTED(r) || r == -EPERM) /* when retrieving the distinction between "kernel or - * container manager don't support or allow this" and - * "no matching key known" doesn't matter. Note that we - * propagate EACCESS here (even if EPERM not) since - * that is used if the keyring is available but we lack - * access to the key. */ - return -ENOKEY; - if (r < 0) + if (r < 0) { + /* when retrieving the distinction between "kernel or container manager don't support + * or allow this" and "no matching key known" doesn't matter. Note that we propagate + * EACCESS here (even if EPERM not) since that is used if the keyring is available but + * we lack access to the key. */ + if (ERRNO_IS_NOT_SUPPORTED(r) || r == -EPERM) + return -ENOKEY; + return r; + } return retrieve_key(serial, ret); }