From 7f891e5db77b0547a40aa26c9339d487b7f77525 Mon Sep 17 00:00:00 2001
From: Mitch Walker
Date: Wed, 8 Jun 2016 11:56:58 +0200
Subject: [PATCH] add_key.2: Empty payloads are not allowed in user-defined keys

Both add_key and the utility "keyctl add" return EINVAL when attempting to add a user key with an empty or NULL payload. The manpage implies that this should be valid.

From my reading of the kernel source, this has not been possible since at least Linux kernel commit 1da177e4 (2.6.12-rc2 on 2005-04-16). Until kernel commit cf7f601c, security/keys/user_defined.c:user_instantiate returned -EINVAL if datalen <= 0. That commit only moved this behavior to a new user_preparse function, where it remains today in b562e44f (4.5.0 on 2016-03-13).

Signed-off-by: Michael Kerrisk
--- man2/add_key.2 | 3 --- 1 file changed, 3 deletions(-) diff --git a/man2/add_key.2 b/man2/add_key.2 index ae0d59fce..6d318c107 100644 --- a/man2/add_key.2 +++ b/man2/add_key.2 @@ -74,9 +74,6 @@ may be any valid string, though it is preferred that the description be prefixed with a string representing the service to which the key is of interest and a colon (for instance .RB \*(lq afs:mykey \*(rq). -The -.I payload -may be empty or NULL for keys of this type. .TP .B \*(lqkeyring\*(rq Keyrings are special key types that may contain links to sequences of other
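Review bot: Missing documentation in the hunk at -74,9: the three removed lines ("The .I payload may be empty or NULL for keys of this type.") are deleted without a replacement, so the entry for this key type now says nothing about payload requirements. The commit message states that add_key returns EINVAL for an empty or NULL payload and that user_preparse rejects datalen <= 0. I would replace the removed sentence with a positive statement that the payload must be non-empty for this key type, and make sure the EINVAL entry under ERRORS covers this case if it does not already. Callers that pass an attacker-influenced or optional payload need to know that a zero-length value is a hard failure rather than a valid empty key. Separately, the From: line names Mitch Walker while the only Signed-off-by: is Michael Kerrisk; if the project expects an author sign-off, it is missing here.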