KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings - linux - Linux Kernel (branches are rebased on master from time to time)

diff options

author	Eric Biggers <ebiggers@google.com>	2017-04-18 15:31:09 +0100
committer	David Howells <dhowells@redhat.com>	2017-04-18 15:31:49 +0100
commit	c9f838d104fed6f2f61d68164712e3204bf5271b (patch)
tree	11f3973c37a4070994d1f64ed444a233ef7f10b4 /ipc/msg.c
parent	c1644fe041ebaf6519f6809146a77c3ead9193af (diff)
download	linux-c9f838d104fed6f2f61d68164712e3204bf5271b.tar.bz2

KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings

This fixes CVE-2017-7472. Running the following program as an unprivileged user exhausts kernel memory by leaking thread keyrings: #include <keyutils.h> int main() { for (;;) keyctl_set_reqkey_keyring(KEY_REQKEY_DEFL_THREAD_KEYRING); } Fix it by only creating a new thread keyring if there wasn't one before. To make things more consistent, make install_thread_keyring_to_cred() and install_process_keyring_to_cred() both return 0 if the corresponding keyring is already present. Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials") Cc: stable@vger.kernel.org # 2.6.29+ Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com>

Diffstat (limited to 'ipc/msg.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: