keyring-util: Use reported key size to resize buf

According to keyctl(2), the return value for KEYCTL_READ is: The amount of data that is available in the key, irrespective of the provided buffer size So, we could pass in a NULL buffer to query the size, then allocate the exact right amount of space, then call keyctl again to get the key data. However, we must still keep the for loop to avoid TOCTOU issues: the key might have been replaced with something bigger while we're busy allocating the buffer to store it. Thus, we can actually save a syscall by picking some reasonable default buffer size and skipping the NULL call to keyctl. If our default is big enough, we're done and have saved a syscall! If not, then the first call behaves essentially the same as the NULL call, and we use the size it returns to reallocate the buffer appropriately.
2026-03-06 15:02:31 -08:00 · 2024-02-01 17:53:01 -05:00
parent 614d09a37d
commit d0aef638ac
1 changed files with 9 additions and 12 deletions
--- a/src/shared/keyring-util.c
+++ b/src/shared/keyring-util.c
@@ -5,34 +5,31 @@
 #include "missing_syscall.h"

 int keyring_read(key_serial_t serial, void **ret, size_t *ret_size) {
-        size_t m = 100;
+        size_t bufsize = 100;

        for (;;) {
-                _cleanup_(erase_and_freep) uint8_t *p = NULL;
+                _cleanup_(erase_and_freep) uint8_t *buf = NULL;
                long n;

-                p = new(uint8_t, m+1);
-                if (!p)
+                buf = new(uint8_t, bufsize + 1);
+                if (!buf)
                        return -ENOMEM;

-                n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) p, (unsigned long) m, 0);
+                n = keyctl(KEYCTL_READ, (unsigned long) serial, (unsigned long) buf, (unsigned long) bufsize, 0);
                if (n < 0)
                        return -errno;

-                if ((size_t) n <= m) {
-                        p[n] = 0; /* NUL terminate, just in case */
+                if ((size_t) n <= bufsize) {
+                        buf[n] = 0; /* NUL terminate, just in case */

                        if (ret)
-                                *ret = TAKE_PTR(p);
+                                *ret = TAKE_PTR(buf);
                        if (ret_size)
                                *ret_size = n;

                        return 0;
                }

-                if (m > (SIZE_MAX-1) / 2) /* overflow check */
-                        return -ENOMEM;
-
-                m *= 2;
+                bufsize = (size_t) n;
        }
 }