Received: by 2002:ac0:aa62:0:0:0:0:0 with SMTP id w31-v6csp1945490ima; Thu, 25 Oct 2018 07:23:30 -0700 (PDT) X-Google-Smtp-Source: AJdET5df7HHGtOIgL8qmMEk5qHlkd6bTzKTtKXxGRUKrf72W146EvYxkWOpLZbkQtt2is84kDX8a X-Received: by 2002:a62:6801:: with SMTP id d1-v6mr1763742pfc.7.1540477410870; Thu, 25 Oct 2018 07:23:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1540477410; cv=none; d=google.com; s=arc-20160816; b=w9WemJrNQfdvqkqf1QJtSLzcqODqa/+zOkyLCaSU0wTQYmolJasmGxTtKCeaGiOraK sTGGrxrHL6hCORQvAQROtHe9yyt+KJsuG8puTPyl+VCPFN+Er/pZZhbPppqIY91N1r54 bRMT1fLJiPTkDdcYZW/8O25HGZbjQeXwyOFXBgy1RM07DjoeAqi4lqt6FBIS6H4eV7Fb CxwLa75gBR0KffZpWDYrNj7NrWO1peG2Q8e0H1K2rLliXDYfcOyaHE1pypTToW0vE3RC EF5PVu5AoprLFxgprzkApnRFvDhwiKSAvEEE0k1AFLfVn8uP2gLKZAz4hCpXrTJAJ7ne e3/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=nqmDxdFXTPL3BOKdGcWU4f9l0Yp1biQvRrOzrWU9a8o=; b=dBNu3v68hY3wukxkM70RKFB3MIl32uWd6UjxkP2dVuaK94U8w/hqDeaI1gjqhd9AsH q/5IsZm/mRAI/N8TFzpQ2A6vuL+RyTtn3t/3ZFIx5wU1pqb6GDpAm7rDaF9dXagBY/1j 8HyaAxQzYD3wz4vEkI9qPPqP0ilZt38tBOiE6WsoHY0hi4zdpE7f8Q1/GbZUnlQf+4FJ kivcX8ifaRXk8U3iLdFdneRwuTPjFumpZf3VswmwmcTDCf0eM+/WHO0UuslnxBd1MO2X FzBJ1OkKn1yfgDHmBEBkTqRMgeKOkyXDT0AUj0WGfMdRiOS0CtHy38wR3V3oUALnry/Q h5LA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=LgGVBhu5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a77-v6si8329433pfe.29.2018.10.25.07.22.30; Thu, 25 Oct 2018 07:23:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=LgGVBhu5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731487AbeJYWyT (ORCPT + 99 others); Thu, 25 Oct 2018 18:54:19 -0400 Received: from mail.kernel.org ([198.145.29.99]:37204 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731391AbeJYWyR (ORCPT ); Thu, 25 Oct 2018 18:54:17 -0400 Received: from sasha-vm.mshome.net (unknown [167.98.65.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A20412085B; Thu, 25 Oct 2018 14:21:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1540477279; bh=46u7Ri/GaPGJJR7KCBCAUh1nLhznMM0OpHkFyk94cKU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LgGVBhu5Int+TJoAPO5qV78xtikMUQ3bhhkjICwmBGl5fLa4O0mL76ujZWyIGZptQ pHxb5AYT0RRzlP8T6WDF+YC5KZjRtaDH3tHk5EsVSTz0daE2v8k/CQv1J3NhwVnkYB D+pGmzjoAKBfSx0vVcbBWznetBrPIxe6XJOANof4= From: Sasha Levin To: stable@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Eric Biggers , David Howells , James Morris , Sasha Levin Subject: [PATCH AUTOSEL 3.18 94/98] KEYS: put keyring if install_session_keyring_to_cred() fails Date: Thu, 25 Oct 2018 10:18:49 -0400 Message-Id: <20181025141853.214051-94-sashal@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181025141853.214051-1-sashal@kernel.org> References: <20181025141853.214051-1-sashal@kernel.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Biggers [ Upstream commit d636bd9f12a66ea3775c9fabbf3f8e118253467a ] In join_session_keyring(), if install_session_keyring_to_cred() were to fail, we would leak the keyring reference, just like in the bug fixed by commit 23567fd052a9 ("KEYS: Fix keyring ref leak in join_session_keyring()"). Fortunately this cannot happen currently, but we really should be more careful. Do this by adding and using a new error label at which the keyring reference is dropped. Signed-off-by: Eric Biggers Signed-off-by: David Howells Signed-off-by: James Morris Signed-off-by: Sasha Levin --- security/keys/process_keys.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 85b61a3ac981..6f32ca53456a 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -808,15 +808,14 @@ long join_session_keyring(const char *name) ret = PTR_ERR(keyring); goto error2; } else if (keyring == new->session_keyring) { - key_put(keyring); ret = 0; - goto error2; + goto error3; } /* we've got a keyring - now to install it */ ret = install_session_keyring_to_cred(new, keyring); if (ret < 0) - goto error2; + goto error3; commit_creds(new); mutex_unlock(&key_session_mutex); @@ -826,6 +825,8 @@ long join_session_keyring(const char *name) okay: return ret; +error3: + key_put(keyring); error2: mutex_unlock(&key_session_mutex); error: -- 2.17.1