Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/security/keys
History
David Howells 48ec02cc77 KEYS: Fix race between key destruction and finding a keyring by name 
commit 94c4554ba07adbdde396748ee7ae01e86cf2d8d7 upstream.

There appears to be a race between:

 (1) key_gc_unused_keys() which frees key->security and then calls
     keyring_destroy() to unlink the name from the name list

 (2) find_keyring_by_name() which calls key_permission(), thus accessing
     key->security, on a key before checking to see whether the key usage is 0
     (ie. the key is dead and might be cleaned up).

Fix this by calling ->destroy() before cleaning up the core key data -
including key->security.

Reported-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
[lizf: Backported to 3.4: adjust indentation]
Signed-off-by: Zefan Li <lizefan@huawei.com>
2016-03-21 09:17:55 +08:00
..
encrypted-keys KEYS: Fix stale key registration at error path 2015-04-14 17:33:45 +08:00
compat.c Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys 2013-03-14 11:29:51 -07:00
gc.c KEYS: Fix race between key destruction and finding a keyring by name 2016-03-21 09:17:55 +08:00
internal.h
key.c
keyctl.c key: Fix resource leak 2013-03-28 12:12:27 -07:00
keyring.c
Makefile
permission.c
proc.c
process_keys.c
request_key.c
request_key_auth.c
sysctl.c
trusted.c
trusted.h
user_defined.c