Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity

KEYS: Don't permit request_key() to construct a new keyring 

If request_key() is used to find a keyring, only do the search part - don't
do the construction part if the keyring was not found by the search.  We
don't really want keyrings in the negative instantiated state since the
rejected/negative instantiation error value in the payload is unioned with
keyring metadata.

Now the kernel gives an error:

	request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted)

Signed-off-by: David Howells <dhowells@redhat.com>
CVE-2015-7872
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>

Change-Id: I3603fec8fab929d7636d7223901f16dc8d8026cc
This commit is contained in:
David Howells 2015-10-19 11:20:28 +01:00 committed by L R
parent 2b694b422f
commit d587946ff0
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
security/keys/request_key.c
View File

@ -481,6 +481,9 @@ static struct key *construct_key_and_link(struct key_type *type,
kenter("");
if (type == &key_type_keyring)
return ERR_PTR(-EPERM);
ret = construct_get_dest_keyring(&dest_keyring);
if (ret)
goto error;