Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp50336imu; Thu, 8 Nov 2018 14:35:18 -0800 (PST) X-Google-Smtp-Source: AJdET5fY+/Tbx3ajJMKzQh5m1+vKqu5sfYR7x/6nAMYGArI7CP2HZRF6i5wn8nl8djzZVVjJ3TsV X-Received: by 2002:a63:8742:: with SMTP id i63mr5315875pge.298.1541716518412; Thu, 08 Nov 2018 14:35:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541716518; cv=none; d=google.com; s=arc-20160816; b=txVmsoqaFIiZkpm/eh/Kd3oTJH9rN03B4MpIaUYJ5tfdM6zlJ56kn8Oi8X0LbZQQcT kh0m7aUYvSTs4/xQAW3RatJCuFOSVmagwStncxggSHjuMorAGEGg2c4NqZbe/rLkLnV9 bQFuMyRYR/zyitfTx6w3VsocfD89st0npSJOhc+45lO6JCVBd9ahTHSz9w6RVnFRuD6i myMHVijrb5CU6v20iTVZtGRAJNsddstM0vaQojy2sS3/PoOk3RPxxQZj2i5ZZ3xOXY5n 6tbrmRZdiW5RVG6C9y0fiRLaoOE9ErzjBwnauUQhoIaOj209UlEjQTdddHpo+gRBalCw F2MA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=2Zt+lKnr3I8Nm8PLhtwYLTb2xG7y19Vsz8Pcssc3C+8=; b=AdjRe69NTC9bEwRTAyGqgifkFEhUw+2yxfO5HbEd2y/w0KR7X5QJUnNsCyxn0aeNbv I3PkRpyfV6Ii5qFXQ8Esh/iN/Zzs61LyPa73VULXwljz9hKeH3aFpa8fhqUmEry3spxG JVpoCiYAkASEZhEWYqA+XFFDf/uXLBA4d3nz4FFDPVvGJmeeW6MfCdGYSbCEulmnsJ4u LXG6CELDCRj6EJB2xKLx+NeUl3xN1ubHyfwtxtlmbCMmGhwGKcmGZ3hQf4nOfTlZ4o8C rkLj/oYWqf1qphr2ZWgR4pK61OzanRHj5nFDwbCj1DaanZI4OlD0jI4hw2zoxy7+kTfK 0USg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="pYN/+isw"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i128-v6si5593127pfb.256.2018.11.08.14.35.02; Thu, 08 Nov 2018 14:35:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="pYN/+isw"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730096AbeKIHhI (ORCPT + 99 others); Fri, 9 Nov 2018 02:37:08 -0500 Received: from mail.kernel.org ([198.145.29.99]:54884 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729500AbeKIHhG (ORCPT ); Fri, 9 Nov 2018 02:37:06 -0500 Received: from localhost (unknown [208.72.13.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2F7832146E; Thu, 8 Nov 2018 21:59:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541714378; bh=ncOJ3tKK3EBtdYngCc9PlI3qrb+7Y1lzIjSKwWTQti8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pYN/+iswDxzIuw4rbrAVX2eNpSz+skY0bKaGKuU6+X0YxxFMerBiLzHzUHW6ZKU/N tREJiVebsiv81AZcUh5pMPl9CwUBuKx4zwFkcgClLXQGsab4bKpz+WiZp4+5AImcCE XJh5Ge+31sWhEguU+JBF9wwlqDLxs5oct37J+wJY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Biggers , David Howells , James Morris , Sasha Levin Subject: [PATCH 4.4 019/114] KEYS: put keyring if install_session_keyring_to_cred() fails Date: Thu, 8 Nov 2018 13:50:34 -0800 Message-Id: <20181108215100.897428351@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181108215059.051093652@linuxfoundation.org> References: <20181108215059.051093652@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ [ Upstream commit d636bd9f12a66ea3775c9fabbf3f8e118253467a ] In join_session_keyring(), if install_session_keyring_to_cred() were to fail, we would leak the keyring reference, just like in the bug fixed by commit 23567fd052a9 ("KEYS: Fix keyring ref leak in join_session_keyring()"). Fortunately this cannot happen currently, but we really should be more careful. Do this by adding and using a new error label at which the keyring reference is dropped. Signed-off-by: Eric Biggers Signed-off-by: David Howells Signed-off-by: James Morris Signed-off-by: Sasha Levin --- security/keys/process_keys.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index ac1d5b2b1626..a7095372701e 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -808,15 +808,14 @@ long join_session_keyring(const char *name) ret = PTR_ERR(keyring); goto error2; } else if (keyring == new->session_keyring) { - key_put(keyring); ret = 0; - goto error2; + goto error3; } /* we've got a keyring - now to install it */ ret = install_session_keyring_to_cred(new, keyring); if (ret < 0) - goto error2; + goto error3; commit_creds(new); mutex_unlock(&key_session_mutex); @@ -826,6 +825,8 @@ long join_session_keyring(const char *name) okay: return ret; +error3: + key_put(keyring); error2: mutex_unlock(&key_session_mutex); error: -- 2.17.1