mirror of https://gitee.com/openkylin/linux.git
Merge branch 'keys-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
Pull key handling fixes from David Howells: "Here are two patches, the first of which at least should go upstream immediately: (1) Prevent a user-triggerable crash in the keyrings destructor when a negatively instantiated keyring is garbage collected. I have also seen this triggered for user type keys. (2) Prevent the user from using requesting that a keyring be created and instantiated through an upcall. Doing so is probably safe since the keyring type ignores the arguments to its instantiation function - but we probably shouldn't let keyrings be created in this manner" * 'keys-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: KEYS: Don't permit request_key() to construct a new keyring KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring
This commit is contained in:
commit
ce1fad2740
|
@ -134,8 +134,10 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
|
|||
kdebug("- %u", key->serial);
|
||||
key_check(key);
|
||||
|
||||
/* Throw away the key data */
|
||||
if (key->type->destroy)
|
||||
/* Throw away the key data if the key is instantiated */
|
||||
if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
|
||||
!test_bit(KEY_FLAG_NEGATIVE, &key->flags) &&
|
||||
key->type->destroy)
|
||||
key->type->destroy(key);
|
||||
|
||||
security_key_free(key);
|
||||
|
|
|
@ -440,6 +440,9 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
|
|||
|
||||
kenter("");
|
||||
|
||||
if (ctx->index_key.type == &key_type_keyring)
|
||||
return ERR_PTR(-EPERM);
|
||||
|
||||
user = key_user_lookup(current_fsuid());
|
||||
if (!user)
|
||||
return ERR_PTR(-ENOMEM);
|
||||
|
|
Loading…
Reference in New Issue