Commit d636bd9f authored Jun 08, 2017 by Eric Biggers Committed by James Morris Jun 09, 2017

KEYS: put keyring if install_session_keyring_to_cred() fails



In join_session_keyring(), if install_session_keyring_to_cred() were to
fail, we would leak the keyring reference, just like in the bug fixed by
commit 23567fd0 ("KEYS: Fix keyring ref leak in
join_session_keyring()").  Fortunately this cannot happen currently, but
we really should be more careful.  Do this by adding and using a new
error label at which the keyring reference is dropped.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>

parent 41f1c53e

security/keys/process_keys.c

+4 −3

Original line number	Diff line number	Diff line
		@@ -809,15 +809,14 @@ long join_session_keyring(const char *name)
		ret = PTR_ERR(keyring);
		goto error2;
		} else if (keyring == new->session_keyring) {
		key_put(keyring);
		ret = 0;
		goto error2;
		goto error3;
		}

		/* we've got a keyring - now to install it */
		ret = install_session_keyring_to_cred(new, keyring);
		if (ret < 0)
		goto error2;
		goto error3;

		commit_creds(new);
		mutex_unlock(&key_session_mutex);
		@@ -827,6 +826,8 @@ long join_session_keyring(const char *name)
		okay:
		return ret;

		error3:
		key_put(keyring);
		error2:
		mutex_unlock(&key_session_mutex);
		error: