| 1 |
commit: 60819cada78a66ee028324352356aeec36d11420 |
| 2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Jan 31 23:49:34 2016 +0000 |
| 4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Jan 31 23:49:34 2016 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=60819cad |
| 7 |
|
| 8 |
Remove redundant patch |
| 9 |
|
| 10 |
...ing-refleak-in-join-session-CVE-2016-0728.patch | 81 ---------------------- |
| 11 |
1 file changed, 81 deletions(-) |
| 12 |
|
| 13 |
diff --git a/1520_keyring-refleak-in-join-session-CVE-2016-0728.patch b/1520_keyring-refleak-in-join-session-CVE-2016-0728.patch |
| 14 |
deleted file mode 100644 |
| 15 |
index 49020d7..0000000 |
| 16 |
--- a/1520_keyring-refleak-in-join-session-CVE-2016-0728.patch |
| 17 |
+++ /dev/null |
| 18 |
@@ -1,81 +0,0 @@ |
| 19 |
-From 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 Mon Sep 17 00:00:00 2001 |
| 20 |
-From: Yevgeny Pats <yevgeny@××××××××××××××××.io> |
| 21 |
-Date: Tue, 19 Jan 2016 22:09:04 +0000 |
| 22 |
-Subject: KEYS: Fix keyring ref leak in join_session_keyring() |
| 23 |
- |
| 24 |
-This fixes CVE-2016-0728. |
| 25 |
- |
| 26 |
-If a thread is asked to join as a session keyring the keyring that's already |
| 27 |
-set as its session, we leak a keyring reference. |
| 28 |
- |
| 29 |
-This can be tested with the following program: |
| 30 |
- |
| 31 |
- #include <stddef.h> |
| 32 |
- #include <stdio.h> |
| 33 |
- #include <sys/types.h> |
| 34 |
- #include <keyutils.h> |
| 35 |
- |
| 36 |
- int main(int argc, const char *argv[]) |
| 37 |
- { |
| 38 |
- int i = 0; |
| 39 |
- key_serial_t serial; |
| 40 |
- |
| 41 |
- serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, |
| 42 |
- "leaked-keyring"); |
| 43 |
- if (serial < 0) { |
| 44 |
- perror("keyctl"); |
| 45 |
- return -1; |
| 46 |
- } |
| 47 |
- |
| 48 |
- if (keyctl(KEYCTL_SETPERM, serial, |
| 49 |
- KEY_POS_ALL | KEY_USR_ALL) < 0) { |
| 50 |
- perror("keyctl"); |
| 51 |
- return -1; |
| 52 |
- } |
| 53 |
- |
| 54 |
- for (i = 0; i < 100; i++) { |
| 55 |
- serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, |
| 56 |
- "leaked-keyring"); |
| 57 |
- if (serial < 0) { |
| 58 |
- perror("keyctl"); |
| 59 |
- return -1; |
| 60 |
- } |
| 61 |
- } |
| 62 |
- |
| 63 |
- return 0; |
| 64 |
- } |
| 65 |
- |
| 66 |
-If, after the program has run, there something like the following line in |
| 67 |
-/proc/keys: |
| 68 |
- |
| 69 |
-3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty |
| 70 |
- |
| 71 |
-with a usage count of 100 * the number of times the program has been run, |
| 72 |
-then the kernel is malfunctioning. If leaked-keyring has zero usages or |
| 73 |
-has been garbage collected, then the problem is fixed. |
| 74 |
- |
| 75 |
-Reported-by: Yevgeny Pats <yevgeny@××××××××××××××××.io> |
| 76 |
-Signed-off-by: David Howells <dhowells@××××××.com> |
| 77 |
-Acked-by: Don Zickus <dzickus@××××××.com> |
| 78 |
-Acked-by: Prarit Bhargava <prarit@××××××.com> |
| 79 |
-Acked-by: Jarod Wilson <jarod@××××××.com> |
| 80 |
-Signed-off-by: James Morris <james.l.morris@××××××.com> |
| 81 |
---- |
| 82 |
- security/keys/process_keys.c | 1 + |
| 83 |
- 1 file changed, 1 insertion(+) |
| 84 |
- |
| 85 |
-diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c |
| 86 |
-index a3f85d2..e6d50172 100644 |
| 87 |
---- a/security/keys/process_keys.c |
| 88 |
-+++ b/security/keys/process_keys.c |
| 89 |
-@@ -794,6 +794,7 @@ long join_session_keyring(const char *name) |
| 90 |
- ret = PTR_ERR(keyring); |
| 91 |
- goto error2; |
| 92 |
- } else if (keyring == new->session_keyring) { |
| 93 |
-+ key_put(keyring); |
| 94 |
- ret = 0; |
| 95 |
- goto error2; |
| 96 |
- } |
| 97 |
--- |
| 98 |
-cgit v0.12 |
| 99 |
- |
Archives