Google Git
Sign in
kernel / pub / scm / linux / kernel / git / joro / linux / 5494bd6a500cc7c5a502279eabfbdacccd4b89d1
commit5494bd6a500cc7c5a502279eabfbdacccd4b89d1[log] [tgz]
authorDavid Howells <dhowells@redhat.com>Mon Apr 10 17:01:40 2006 +0000
committerGreg Kroah-Hartman <gregkh@suse.de>Mon Apr 10 21:48:21 2006 -0700
treea1013355c5ff3d8b02245e3a91c52ac5e3b52c40
parentdbb676d1214c181e6cde4ce67b7bf012d071f1ed [diff]
[PATCH] Keys: Fix oops when adding key to non-keyring [CVE-2006-1522]

This fixes the problem of an oops occuring when a user attempts to add a
key to a non-keyring key [CVE-2006-1522].

The problem is that __keyring_search_one() doesn't check that the
keyring it's been given is actually a keyring.

I've fixed this problem by:

 (1) declaring that caller of __keyring_search_one() must guarantee that
     the keyring is a keyring; and

 (2) making key_create_or_update() check that the keyring is a keyring,
     and return -ENOTDIR if it isn't.

This can be tested by:

	keyctl add user b b `keyctl add user a a @s`

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2 files changed
tree: a1013355c5ff3d8b02245e3a91c52ac5e3b52c40
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. fs/
  7. include/
  8. init/
  9. ipc/
  10. kernel/
  11. lib/
  12. mm/
  13. net/
  14. scripts/
  15. security/
  16. sound/
  17. usr/
  18. .gitignore
  19. COPYING
  20. CREDITS
  21. Kbuild
  22. MAINTAINERS
  23. Makefile
  24. README
  25. REPORTING-BUGS