commit e2c78fb27dd13ab8c778a9689affe95c92030a32
Author: Greg Kroah-Hartman <gregkh@suse.de>
Date:   Mon Apr 10 22:27:44 2006 -0700

    Linux 2.6.16.3

commit 5494bd6a500cc7c5a502279eabfbdacccd4b89d1
Author: David Howells <dhowells@redhat.com>
Date:   Mon Apr 10 17:01:40 2006 +0000

    [PATCH] Keys: Fix oops when adding key to non-keyring [CVE-2006-1522]
    
    This fixes the problem of an oops occuring when a user attempts to add a
    key to a non-keyring key [CVE-2006-1522].
    
    The problem is that __keyring_search_one() doesn't check that the
    keyring it's been given is actually a keyring.
    
    I've fixed this problem by:
    
     (1) declaring that caller of __keyring_search_one() must guarantee that
         the keyring is a keyring; and
    
     (2) making key_create_or_update() check that the keyring is a keyring,
         and return -ENOTDIR if it isn't.
    
    This can be tested by:
    
    	keyctl add user b b `keyctl add user a a @s`
    
    Signed-off-by: David Howells <dhowells@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>