Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'keys-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs

Pull key handling fixes from David Howells:
"Here are two patches, the first of which at least should go upstream
immediately:

(1) Prevent a user-triggerable crash in the keyrings destructor when a
negatively instantiated keyring is garbage collected. I have also
seen this triggered for user type keys.

(2) Prevent the user from using requesting that a keyring be created
and instantiated through an upcall. Doing so is probably safe
since the keyring type ignores the arguments to its instantiation
function - but we probably shouldn't let keyrings be created in
this manner"

* 'keys-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
KEYS: Don't permit request_key() to construct a new keyring
KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring

+7 -2
+4 -2
security/keys/gc.c
··· 134 134 kdebug("- %u", key->serial); 135 135 key_check(key); 136 136 137 - /* Throw away the key data */ 138 - if (key->type->destroy) 137 + /* Throw away the key data if the key is instantiated */ 138 + if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags) && 139 + !test_bit(KEY_FLAG_NEGATIVE, &key->flags) && 140 + key->type->destroy) 139 141 key->type->destroy(key); 140 142 141 143 security_key_free(key);
+3
security/keys/request_key.c
··· 440 440 441 441 kenter(""); 442 442 443 + if (ctx->index_key.type == &key_type_keyring) 444 + return ERR_PTR(-EPERM); 445 + 443 446 user = key_user_lookup(current_fsuid()); 444 447 if (!user) 445 448 return ERR_PTR(-ENOMEM);