android_kernel_oneplus_msm8998/security/keys at c08c6b9eb55e17e701770f2573248d402586b82a - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

History

Hillf Danton c08c6b9eb5 keys: Fix missing null pointer check in request_key_auth_describe() [ Upstream commit d41a3effbb53b1bcea41e328d16a4d046a508381 ] If a request_key authentication token key gets revoked, there's a window in which request_key_auth_describe() can see it with a NULL payload - but it makes no check for this and something like the following oops may occur: BUG: Kernel NULL pointer dereference at 0x00000038 Faulting instruction address: 0xc0000000004ddf30 Oops: Kernel access of bad area, sig: 11 [#1] ... NIP [...] request_key_auth_describe+0x90/0xd0 LR [...] request_key_auth_describe+0x54/0xd0 Call Trace: [...] request_key_auth_describe+0x54/0xd0 (unreliable) [...] proc_keys_show+0x308/0x4c0 [...] seq_read+0x3d0/0x540 [...] proc_reg_read+0x90/0x110 [...] __vfs_read+0x3c/0x70 [...] vfs_read+0xb4/0x1b0 [...] ksys_read+0x7c/0x130 [...] system_call+0x5c/0x70 Fix this by checking for a NULL pointer when describing such a key. Also make the read routine check for a NULL pointer to be on the safe side. [DH: Modified to not take already-held rcu lock and modified to also check in the read routine] Fixes: `04c567d931` ("[PATCH] Keys: Fix race between two instantiators of a key") Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com> Signed-off-by: Hillf Danton <hdanton@sina.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Sachin Sant <sachinp@linux.vnet.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>		2019-09-21 07:12:53 +02:00
..
encrypted-keys	KEYS: encrypted: fix buffer overread in valid_master_desc()	2018-02-16 20:09:38 +01:00
big_key.c	KEYS: Fix race between updating and finding a negative key	2017-10-27 10:23:18 +02:00
compat.c	switch keyctl_instantiate_key_common() to iov_iter	2015-04-11 22:27:12 -04:00
gc.c	KEYS: Fix race between updating and finding a negative key	2017-10-27 10:23:18 +02:00
internal.h	KEYS: prevent creating a different user's keyrings	2017-10-05 09:41:45 +02:00
Kconfig	security/keys: add CONFIG_KEYS_COMPAT to Kconfig	2017-11-18 11:11:07 +01:00
key.c	KEYS: allow reaching the keys quotas exactly	2019-03-23 08:44:15 +01:00
keyctl.c	KEYS: Fix race between updating and finding a negative key	2017-10-27 10:23:18 +02:00
keyring.c	KEYS: always initialize keyring_index_key::desc_len	2019-03-23 08:44:17 +01:00
Makefile	KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches	2013-09-24 10:35:19 +01:00
permission.c	KEYS: Move the flags representing required permission to linux/key.h	2014-03-14 17:44:49 +00:00
persistent.c	KEYS: Move the flags representing required permission to linux/key.h	2014-03-14 17:44:49 +00:00
proc.c	KEYS: restrict /proc/keys by credentials at open time	2019-03-23 08:44:29 +01:00
process_keys.c	KEYS: put keyring if install_session_keyring_to_cred() fails	2018-11-10 07:41:34 -08:00
request_key.c	KEYS: always initialize keyring_index_key::desc_len	2019-03-23 08:44:17 +01:00
request_key_auth.c	keys: Fix missing null pointer check in request_key_auth_describe()	2019-09-21 07:12:53 +02:00
sysctl.c	security: Convert use of typedef ctl_table to struct ctl_table	2014-04-15 13:39:58 +10:00
trusted.c	KEYS: trusted: fix writing past end of buffer in trusted_read()	2017-11-15 17:13:11 +01:00
trusted.h	keys, trusted: move struct trusted_key_options to trusted-type.h	2015-10-19 01:01:21 +02:00
user_defined.c	KEYS: Fix race between updating and finding a negative key	2017-10-27 10:23:18 +02:00