Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/security/keys
History
David Howells 94c4554ba0 KEYS: Fix race between key destruction and finding a keyring by name 
There appears to be a race between:

 (1) key_gc_unused_keys() which frees key->security and then calls
     keyring_destroy() to unlink the name from the name list

 (2) find_keyring_by_name() which calls key_permission(), thus accessing
     key->security, on a key before checking to see whether the key usage is 0
     (ie. the key is dead and might be cleaned up).

Fix this by calling ->destroy() before cleaning up the core key data -
including key->security.

Reported-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
 		2015-09-25 16:30:08 +01:00
..
encrypted-keys
Kconfig
Makefile
big_key.c
compat.c switch keyctl_instantiate_key_common() to iov_iter 2015-04-11 22:27:12 -04:00
gc.c KEYS: Fix race between key destruction and finding a keyring by name 2015-09-25 16:30:08 +01:00
internal.h switch keyctl_instantiate_key_common() to iov_iter 2015-04-11 22:27:12 -04:00
key.c
keyctl.c switch keyctl_instantiate_key_common() to iov_iter 2015-04-11 22:27:12 -04:00
keyring.c KEYS: ensure we free the assoc array edit if edit is valid 2015-07-28 13:08:23 +10:00
permission.c
persistent.c
proc.c
process_keys.c capabilities: ambient capabilities 2015-09-04 16:54:41 -07:00
request_key.c Don't leak a key reference if request_key() tries to use a revoked keyring 2015-02-16 13:45:16 +11:00
request_key_auth.c
sysctl.c
trusted.c
trusted.h
user_defined.c