From: Kevin Kuehler <keur@xcf.berkeley.edu>
Date: Thu, 28 Nov 2019 00:35:15 +0000 (-0800)
Subject: shared/ask-password-api: modify keyctl break value
X-Git-Tag: v244~20
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6da498c28f2598bea4d651756485f57d54e379f4;p=thirdparty%2Fsystemd.git

shared/ask-password-api: modify keyctl break value

We can break if KEYCTL_READ return value is equal to our buffer size.

From keyctl(2):

On a successful return, the return value is always the total size of
the payload data.  To determine whether the buffer was of sufficient
size, check to see that the return value is less than or equal to the
value supplied in arg4.
---

diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 9ffbe1bc4e0..7f6775f4a13 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -78,7 +78,7 @@ static int retrieve_key(key_serial_t serial, char ***ret) {
                 n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) p, (unsigned long) m, 0);
                 if (n < 0)
                         return -errno;
-                if ((size_t) n < m) {
+                if ((size_t) n <= m) {
                         nfinal = (size_t) n;
                         pfinal = TAKE_PTR(p);
                         break;