| commit | 5494bd6a500cc7c5a502279eabfbdacccd4b89d1 | |
| author | David Howells <dhowells@redhat.com> | |
| Mon, 10 Apr 2006 17:01:40 +0000 (10 17:01 +0000) | ||
| committer | Greg Kroah-Hartman <gregkh@suse.de> | |
| Tue, 11 Apr 2006 04:48:21 +0000 (10 21:48 -0700) | ||
| tree | a1013355c5ff3d8b02245e3a91c52ac5e3b52c40 | treesnapshot (tar.gz zip) |
| parent | dbb676d1214c181e6cde4ce67b7bf012d071f1ed | commitdiff |
[PATCH] Keys: Fix oops when adding key to non-keyring [CVE-2006-1522]
This fixes the problem of an oops occuring when a user attempts to add a
key to a non-keyring key [CVE-2006-1522].
The problem is that __keyring_search_one() doesn't check that the
keyring it's been given is actually a keyring.
I've fixed this problem by:
(1) declaring that caller of __keyring_search_one() must guarantee that
the keyring is a keyring; and
(2) making key_create_or_update() check that the keyring is a keyring,
and return -ENOTDIR if it isn't.
This can be tested by:
keyctl add user b b `keyctl add user a a @s`
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This fixes the problem of an oops occuring when a user attempts to add a
key to a non-keyring key [CVE-2006-1522].
The problem is that __keyring_search_one() doesn't check that the
keyring it's been given is actually a keyring.
I've fixed this problem by:
(1) declaring that caller of __keyring_search_one() must guarantee that
the keyring is a keyring; and
(2) making key_create_or_update() check that the keyring is a keyring,
and return -ENOTDIR if it isn't.
This can be tested by:
keyctl add user b b `keyctl add user a a @s`
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| security/keys/key.c | diffblobblamehistory | |
| security/keys/keyring.c | diffblobblamehistory |