[PATCH] KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
David Howells
dhowells at redhat.com
Mon Apr 3 15:52:02 UTC 2017
Eric Biggers <ebiggers3 at gmail.com> wrote:
> @@ -135,6 +135,9 @@ int install_thread_keyring_to_cred(struct cred *new)
> {
> struct key *keyring;
>
> + if (new->thread_keyring)
> + return -EEXIST;
> +
> keyring = keyring_alloc("_tid", new->uid, new->gid, new,
> KEY_POS_ALL | KEY_USR_VIEW,
> KEY_ALLOC_QUOTA_OVERRUN,
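Review bot: the new early `return -EEXIST` at the top of install_thread_keyring_to_cred() adds an error return that nothing in this hunk documents. The function's comment should say what happens when `new->thread_keyring` is already set. Any caller that only needs a thread keyring to be present (callers are not visible in this hunk) would then have to treat -EEXIST as success, so each call site should be checked for how it handles the new value. The check itself is in the right place, before keyring_alloc(), so no new keyring is allocated when one is already installed.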
It would probably be better just to return 0 and change the comment on the
function to say that it sets a thread keyring if there isn't one already.
Same for the process keyring.
David