Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp15801imu; Thu, 8 Nov 2018 13:59:07 -0800 (PST) X-Google-Smtp-Source: AJdET5dsWCjkV3EBz8pl2hivkI3gRqEgxNJjtw2bm8N1WipfjcpPgYAOfeV6wnN/scnmj8j38VOx X-Received: by 2002:a17:902:f097:: with SMTP id go23mr6075921plb.328.1541714347761; Thu, 08 Nov 2018 13:59:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541714347; cv=none; d=google.com; s=arc-20160816; b=q1DVlbUSy5B7b/uPe0QvDlE92pEQ3zU+fTOte9sxKbgIPnRCw26Rt5mSVmo/bb48Ag KkEP0cYTlN7MGnU/OTln+uD39xA/WC7i+QM0RjjVwHDE8/PJYwIGoZz9WboaLDE9GxEe Awck5TFssUAnz4NsbouOUAwCfLklo9EbpaxYze5lHNi/FR+pwtQK+iruvpp0HTMtWYoO mnJGMOcenVHBR8eRV7jRBuObaaOkxjX4qfCMkrp2W6cBWMKhAm/5iIcY2P3yly2sZAPV apa+uWkYqeQ8l7UfKEJ9O8wZYlAR4QQygxE5lPMQiT/5JUlzSSDtmiArQ9DlhInBR+hw ZmdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=wCzmLh0StMTZWii9l9OMSVyWMDgqP7YAgl4zMR++5gE=; b=oPvBzmEBBzqt6XlyJT5equ6uyuJ4OLbdwHNwbEeoKTlddr62XWD/2eesFyhevy5YQs TMiaFduMs43MG1JOw3xFxSNWxybPVfmcsuzooiCo8t8rDAfMthcl88DZ2nhgHeOYRhVc 4y0CyK3VRw3lxEPnnD8+iSqGXf4oK4PgmNSNvzjdCNyMQ7JfGC52RA8PJTYAyOS99aHg VMC73rqucIS7ZDJ0Ii2EgAhKOcIT6HHi0ZZJVyReBkbIhAgZDgIiKKQeyviJxiVyHGmv lrDsrJxCNlZS6R8lhyEgLB0Ov8LKAfGZPJKgzBU+iSgJNrIGQ6hjYlTnJarozK26rKIs EOFw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=IJrgK7Gq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j22-v6si4672345pgl.217.2018.11.08.13.58.52; Thu, 08 Nov 2018 13:59:07 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=IJrgK7Gq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729568AbeKIHfM (ORCPT + 99 others); Fri, 9 Nov 2018 02:35:12 -0500 Received: from mail.kernel.org ([198.145.29.99]:52030 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726926AbeKIHfM (ORCPT ); Fri, 9 Nov 2018 02:35:12 -0500 Received: from localhost (unknown [208.72.13.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2E97420892; Thu, 8 Nov 2018 21:57:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541714264; bh=H2noGOQP/QYpIKUqFTHz/2cHqjtgGEITEiikjQeKbyE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IJrgK7GqPhrh0YbnjD8e7tn84KLy3/1QvTk8LGfqty3DZk8FXvXPv7/QLJ0FbYREW /tUPA4iToldg2Zgj8kSLTAwK/1c293WJIMt33sbm0sujBQ/byuDYC8Zbre/P2lzn/g X5qWxa+BcOICK19JeoVT7suutVoL2aYEyg1u9ysw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , David Howells , James Morris , Sasha Levin Subject: [PATCH 3.18 122/144] KEYS: put keyring if install_session_keyring_to_cred() fails Date: Thu, 8 Nov 2018 13:51:33 -0800 Message-Id: <20181108215106.897907073@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181108215054.826084593@linuxfoundation.org> References: <20181108215054.826084593@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.18-stable review patch. If anyone has any objections, please let me know. ------------------ [ Upstream commit d636bd9f12a66ea3775c9fabbf3f8e118253467a ] In join_session_keyring(), if install_session_keyring_to_cred() were to fail, we would leak the keyring reference, just like in the bug fixed by commit 23567fd052a9 ("KEYS: Fix keyring ref leak in join_session_keyring()"). Fortunately this cannot happen currently, but we really should be more careful. Do this by adding and using a new error label at which the keyring reference is dropped. Signed-off-by: Eric Biggers Signed-off-by: David Howells Signed-off-by: James Morris Signed-off-by: Sasha Levin --- security/keys/process_keys.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 85b61a3ac981..6f32ca53456a 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -808,15 +808,14 @@ long join_session_keyring(const char *name) ret = PTR_ERR(keyring); goto error2; } else if (keyring == new->session_keyring) { - key_put(keyring); ret = 0; - goto error2; + goto error3; } /* we've got a keyring - now to install it */ ret = install_session_keyring_to_cred(new, keyring); if (ret < 0) - goto error2; + goto error3; commit_creds(new); mutex_unlock(&key_session_mutex); @@ -826,6 +825,8 @@ long join_session_keyring(const char *name) okay: return ret; +error3: + key_put(keyring); error2: mutex_unlock(&key_session_mutex); error: -- 2.17.1