Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: security: testing the wrong variable in create_by_name() CRED: Fix a race in creds_are_invalid() in credentials debugging CRED: Fix double free in prepare_usermodehelper_creds() error handling
This commit is contained in:
commit
5e31877b64
|
@ -398,6 +398,8 @@ struct cred *prepare_usermodehelper_creds(void)
|
||||||
|
|
||||||
error:
|
error:
|
||||||
put_cred(new);
|
put_cred(new);
|
||||||
|
return NULL;
|
||||||
|
|
||||||
free_tgcred:
|
free_tgcred:
|
||||||
#ifdef CONFIG_KEYS
|
#ifdef CONFIG_KEYS
|
||||||
kfree(tgcred);
|
kfree(tgcred);
|
||||||
|
@ -791,8 +793,6 @@ bool creds_are_invalid(const struct cred *cred)
|
||||||
{
|
{
|
||||||
if (cred->magic != CRED_MAGIC)
|
if (cred->magic != CRED_MAGIC)
|
||||||
return true;
|
return true;
|
||||||
if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers))
|
|
||||||
return true;
|
|
||||||
#ifdef CONFIG_SECURITY_SELINUX
|
#ifdef CONFIG_SECURITY_SELINUX
|
||||||
if (selinux_is_enabled()) {
|
if (selinux_is_enabled()) {
|
||||||
if ((unsigned long) cred->security < PAGE_SIZE)
|
if ((unsigned long) cred->security < PAGE_SIZE)
|
||||||
|
|
|
@ -161,13 +161,13 @@ static int create_by_name(const char *name, mode_t mode,
|
||||||
|
|
||||||
mutex_lock(&parent->d_inode->i_mutex);
|
mutex_lock(&parent->d_inode->i_mutex);
|
||||||
*dentry = lookup_one_len(name, parent, strlen(name));
|
*dentry = lookup_one_len(name, parent, strlen(name));
|
||||||
if (!IS_ERR(dentry)) {
|
if (!IS_ERR(*dentry)) {
|
||||||
if ((mode & S_IFMT) == S_IFDIR)
|
if ((mode & S_IFMT) == S_IFDIR)
|
||||||
error = mkdir(parent->d_inode, *dentry, mode);
|
error = mkdir(parent->d_inode, *dentry, mode);
|
||||||
else
|
else
|
||||||
error = create(parent->d_inode, *dentry, mode);
|
error = create(parent->d_inode, *dentry, mode);
|
||||||
} else
|
} else
|
||||||
error = PTR_ERR(dentry);
|
error = PTR_ERR(*dentry);
|
||||||
mutex_unlock(&parent->d_inode->i_mutex);
|
mutex_unlock(&parent->d_inode->i_mutex);
|
||||||
|
|
||||||
return error;
|
return error;
|
||||||
|
|
Reference in New Issue