From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752022AbdDASyZ (ORCPT ); Sat, 1 Apr 2017 14:54:25 -0400 Received: from mail-pg0-f68.google.com ([74.125.83.68]:36393 "EHLO mail-pg0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751798AbdDASyX (ORCPT ); Sat, 1 Apr 2017 14:54:23 -0400 From: Eric Biggers To: keyrings@vger.kernel.org Cc: David Howells , linux-kernel@vger.kernel.org, Eric Biggers Subject: [PATCH] KEYS: put keyring if install_session_keyring_to_cred() fails Date: Sat, 1 Apr 2017 11:54:16 -0700 Message-Id: <20170401185416.10225-1-ebiggers3@gmail.com> X-Mailer: git-send-email 2.12.1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Biggers In join_session_keyring(), if install_session_keyring_to_cred() were to fail, we would leak the keyring reference, just like in the bug fixed by commit 23567fd052a9 ("KEYS: Fix keyring ref leak in join_session_keyring()"). Fortunately this cannot happen currently, but we really should be more careful. Do this by adding and using a new error label at which the keyring reference is dropped. Signed-off-by: Eric Biggers --- security/keys/process_keys.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index b6fdd22205b1..fc60f998c74d 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -799,15 +799,14 @@ long join_session_keyring(const char *name) ret = PTR_ERR(keyring); goto error2; } else if (keyring == new->session_keyring) { - key_put(keyring); ret = 0; - goto error2; + goto error3; } /* we've got a keyring - now to install it */ ret = install_session_keyring_to_cred(new, keyring); if (ret < 0) - goto error2; + goto error3; commit_creds(new); mutex_unlock(&key_session_mutex); @@ -817,6 +816,8 @@ long join_session_keyring(const char *name) okay: return ret; +error3: + key_put(keyring); error2: mutex_unlock(&key_session_mutex); error: -- 2.12.1