From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756652AbdIRSfc (ORCPT ); Mon, 18 Sep 2017 14:35:32 -0400 Received: from mail-pf0-f194.google.com ([209.85.192.194]:33446 "EHLO mail-pf0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753006AbdIRSf3 (ORCPT ); Mon, 18 Sep 2017 14:35:29 -0400 X-Google-Smtp-Source: ADKCNb6kvcDWeVgDPmMGHL3esyQ0kpREJWy76DQVKs4948M07Y5pLHK8Lfsh5XcslvSSKfqETrngKg== From: Eric Biggers To: keyrings@vger.kernel.org Cc: David Howells , Michael Halcrow , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Eric Biggers Subject: [PATCH] KEYS: fix cred refcount leak in request_key_auth_new() Date: Mon, 18 Sep 2017 11:33:31 -0700 Message-Id: <20170918183331.113261-1-ebiggers3@gmail.com> X-Mailer: git-send-email 2.14.1.690.gbb1197296e-goog Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Biggers In request_key_auth_new(), if alloc_key() or key_instantiate_and_link() were to fail, we would leak a reference to the 'struct cred'. Currently this can only happen if alloc_key() fails to to allocate memory. But it still should be fixed, as it is a more severe bug waiting to happen. Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials") Signed-off-by: Eric Biggers --- security/keys/request_key_auth.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index afe9d22ab361..f2f29f13ecff 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c @@ -227,6 +227,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info, key_revoke(authkey); key_put(authkey); error_alloc: + put_cred(rka->cred); key_put(rka->target_key); key_put(rka->dest_keyring); kfree(rka->callout_info); -- 2.14.1.690.gbb1197296e-goog