KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Eric Biggers <ebiggers@google.com>	2017-04-18 15:31:09 +0100
committer	Moyster <oysterized@gmail.com>	2017-05-20 19:05:37 +0200
commit	1035d5a1aa4f92bb37c1badb6e970051bace8fe6 (patch)
tree	825f39909b7d2294ecf737fba2034898468000c2 /kernel/trace
parent	2fb6ab951ff946a879d9128a81b9b960ffe511bd (diff)

KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings

commit c9f838d104fed6f2f61d68164712e3204bf5271b upstream. This fixes CVE-2017-7472. Running the following program as an unprivileged user exhausts kernel memory by leaking thread keyrings: #include <keyutils.h> int main() { for (;;) keyctl_set_reqkey_keyring(KEY_REQKEY_DEFL_THREAD_KEYRING); } Fix it by only creating a new thread keyring if there wasn't one before. To make things more consistent, make install_thread_keyring_to_cred() and install_process_keyring_to_cred() both return 0 if the corresponding keyring is already present. Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials") Change-Id: I06eab1b34d56d23af7481f74d7b7a48887609dc7 Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'kernel/trace')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: