diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2015-10-19 21:33:39 +0200 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2015-10-19 21:33:39 +0200 |
| commit | 6dd6bf4bb237f11cc6a28812d6a37238611656e0 (patch) | |
| tree | 6ffe94d92103e2a1d7e0e04172303dd17beeabe3 | |
| parent | a4b71a2ac3bfac58dbc6d411abdb414d32dd2efe (diff) | |
| download | kernel_replicant_linux-6dd6bf4bb237f11cc6a28812d6a37238611656e0.tar.gz kernel_replicant_linux-6dd6bf4bb237f11cc6a28812d6a37238611656e0.tar.bz2 kernel_replicant_linux-6dd6bf4bb237f11cc6a28812d6a37238611656e0.zip | |
KEYS: Don't permit request_key() to construct a new keyring
| -rw-r--r-- | debian/changelog | 1 | ||||
| -rw-r--r-- | debian/patches/bugfix/all/0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch | 33 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
3 files changed, 35 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 1475550b41e9..c2b93ec73a6d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ linux (4.2.3-3) UNRELEASED; urgency=medium * KEYS: Fix race between key destruction and finding a keyring by name * KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring + * KEYS: Don't permit request_key() to construct a new keyring -- Salvatore Bonaccorso <carnil@debian.org> Mon, 19 Oct 2015 21:23:18 +0200 diff --git a/debian/patches/bugfix/all/0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch b/debian/patches/bugfix/all/0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch new file mode 100644 index 000000000000..7ad72d5b468e --- /dev/null +++ b/debian/patches/bugfix/all/0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch @@ -0,0 +1,33 @@ +From: David Howells <dhowells@redhat.com> +Date: Mon, 19 Oct 2015 11:33:38 +0100 +Subject: KEYS: Don't permit request_key() to construct a new keyring +Origin: http://pkgs.fedoraproject.org/cgit/kernel.git/plain/0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch?id=d76d5fe34b5c151ad83761160998b1075729b541 + + If request_key() is used to find a keyring, only do the search part - don't + do the construction part if the keyring was not found by the search. We + don't really want keyrings in the negative instantiated state since the + rejected/negative instantiation error value in the payload is unioned with + keyring metadata. + + Signed-off-by: David Howells <dhowells@redhat.com> +--- + security/keys/request_key.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/security/keys/request_key.c b/security/keys/request_key.c +index 486ef6fa393b..0d6253124278 100644 +--- a/security/keys/request_key.c ++++ b/security/keys/request_key.c +@@ -440,6 +440,9 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx, + + kenter(""); + ++ if (ctx->index_key.type == &key_type_keyring) ++ return ERR_PTR(-EPERM); ++ + user = key_user_lookup(current_fsuid()); + if (!user) + return ERR_PTR(-ENOMEM); +-- +2.4.3 + diff --git a/debian/patches/series b/debian/patches/series index 67f0b4e8b4bf..fdc565fe68cc 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -110,3 +110,4 @@ bugfix/all/nbd-add-locking-for-tasks.patch bugfix/all/0001-KEYS-Fix-race-between-key-destruction-and-finding-a-.patch bugfix/all/0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch +bugfix/all/0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch |