[PATCH] KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings

David Howells dhowells at redhat.com
Mon Apr 3 15:52:02 UTC 2017


Eric Biggers <ebiggers3 at gmail.com> wrote:

> @@ -135,6 +135,9 @@ int install_thread_keyring_to_cred(struct cred *new)
>  {
>  	struct key *keyring;
>  
> +	if (new->thread_keyring)
> +		return -EEXIST;
> +
>  	keyring = keyring_alloc("_tid", new->uid, new->gid, new,
>  				KEY_POS_ALL | KEY_USR_VIEW,
>  				KEY_ALLOC_QUOTA_OVERRUN,

It would probably be better just to return 0 and change the comment on the
function to say that it sets a thread keyring if there isn't one already.
Same for the process keyring.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list