author Josh Boyer <jwboyer@fedoraproject.org> 2016-06-15 09:37:42 -0400
committer Josh Boyer <jwboyer@fedoraproject.org> 2016-06-15 09:37:51 -0400
commit e5e1555ce19175b8115e9f082e48c83cc09458c1
tree 3ebeaa4f816cab04d869eac5ee6aae170c5cfb42
parent 742a0bf3f5055444eeb07c9bdd9a0fc28f0c6c41
CVE-2016-4470 keys: uninitialized variable crash (rhbz 1341716 1346626)
-rw-r--r-- KEYS-potential-uninitialized-variable.patch 30
-rw-r--r-- kernel.spec 6
2 files changed, 36 insertions, 0 deletions
diff --git a/KEYS-potential-uninitialized-variable.patch b/KEYS-potential-uninitialized-variable.patch
new file mode 100644
index 000000000..23cabbb2e
--- /dev/null
+++ b/KEYS-potential-uninitialized-variable.patch
@@ -0,0 +1,30 @@
+From 82a50018782f84e733e718d4b24e1653d19333be Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 15 Jun 2016 09:31:45 -0400
+Subject: [PATCH] KEYS: potential uninitialized variable
+
+If __key_link_begin() failed then "edit" would be uninitialized. I've
+added a check to fix that.
+
+Fixes: f70e2e06196a ('KEYS: Do preallocation for __key_link()')
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+---
+ security/keys/key.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/security/keys/key.c b/security/keys/key.c
+index bd5a272f28a6..346fbf201c22 100644
+--- a/security/keys/key.c
++++ b/security/keys/key.c
+@@ -597,7 +597,7 @@ int key_reject_and_link(struct key *key,
+
+ mutex_unlock(&key_construction_mutex);
+
+- if (keyring)
++ if (keyring && link_ret == 0)
+ __key_link_end(keyring, &key->index_key, edit);
+
+ /* wake up anyone waiting for a key to be constructed */
+--
+2.5.5
+
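Review bot: In the embedded security/keys/key.c hunk, the new guard `if (keyring && link_ret == 0)` is only correct if link_ret is assigned on every path where keyring is non-NULL, and the three context lines shown include neither that assignment nor the declaration of edit. Confirm this against the full body of key_reject_and_link() before merging, and consider also initialising edit at its declaration so that a later change to this condition cannot reintroduce an indeterminate pointer being passed to __key_link_end(). The patch header carries only the Fixes: tag; adding the CVE-2016-4470 identifier to the description would keep the file self-describing when it is read apart from the kernel.spec comment.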
diff --git a/kernel.spec b/kernel.spec
index 142e50700..6f8ca675a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -664,6 +664,9 @@ Patch724: ecryptfs-fix-handling-of-directory-opening.patch
Patch725: ecryptfs-forbid-opening-files-without-mmap-handler.patch
Patch726: sched-panic-on-corrupted-stack-end.patch
+#CVE-2016-4470 rhbz 1341716 1346626
+Patch727: KEYS-potential-uninitialized-variable.patch
+
# END OF PATCH DEFINITIONS
%endif
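Review bot: Patch727 is defined in this hunk, but neither kernel.spec hunk in this commit adds a line that applies it, so the fix depends on the spec applying every defined patch automatically. If this spec needs an explicit apply step, the patch would be packaged without being built in, so confirm that before pushing. The comment `#CVE-2016-4470 rhbz 1341716 1346626` could also note whether the fix is already upstream, which makes it clear when Patch727 can be dropped on the next rebase.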
@@ -2181,6 +2184,9 @@ fi
#
#
%changelog
+* Wed Jun 15 2016 Josh Boyer <jwboyer@fedoraproject.org>
+- CVE-2016-4470 keys: uninitialized variable crash (rhbz 1341716 1346626)
+
* Mon Jun 13 2016 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2016-1583 stack overflow via ecryptfs and /proc (rhbz 1344721 1344722)