path: root/include/keys
diff options
authorDavid Howells <>2020-09-27 11:07:21 +0100
committerDavid Howells <>2020-11-23 18:09:29 +0000
commitd2ae4e918218f543214fbd906db68a6c580efbbb (patch)
treeb240ab494a23255f2f8b59bd682c33420675fdd3 /include/keys
parent12da59fcab5a05d01773e7cb413b8b8f3bb4e334 (diff)
rxrpc: Don't leak the service-side session key to userspace
Don't let someone reading a service-side rxrpc-type key get access to the session key that was exchanged with the client. The server application will, at some point, need to be able to read the information in the ticket, but this probably shouldn't include the key material. Signed-off-by: David Howells <>
Diffstat (limited to 'include/keys')
1 files changed, 1 insertions, 0 deletions
diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h
index 8e4ced9b4ecf..333c0f49a9cd 100644
--- a/include/keys/rxrpc-type.h
+++ b/include/keys/rxrpc-type.h
@@ -36,6 +36,7 @@ struct rxkad_key {
struct rxrpc_key_token {
u16 security_index; /* RxRPC header security index */
+ bool no_leak_key; /* Don't copy the key to userspace */
struct rxrpc_key_token *next; /* the next token in the list */
union {
struct rxkad_key *kad;