From: Eric Biggers Date: Tue, 18 Apr 2017 14:31:09 +0000 (+0100) Subject: KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings X-Git-Tag: v3.2.89~20 X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ebd7208190d2f7b16fee3cea05665e212cebaab;p=pandora-kernel.git KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings commit c9f838d104fed6f2f61d68164712e3204bf5271b upstream. This fixes CVE-2017-7472. Running the following program as an unprivileged user exhausts kernel memory by leaking thread keyrings: #include int main() { for (;;) keyctl_set_reqkey_keyring(KEY_REQKEY_DEFL_THREAD_KEYRING); } Fix it by only creating a new thread keyring if there wasn't one before. To make things more consistent, make install_thread_keyring_to_cred() and install_process_keyring_to_cred() both return 0 if the corresponding keyring is already present. Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials") Signed-off-by: Eric Biggers Signed-off-by: David Howells [bwh: Backported to 3.2: adjust context] Signed-off-by: Ben Hutchings --- Reading git-diff-tree failed