From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751832AbdIUUhs (ORCPT ); Thu, 21 Sep 2017 16:37:48 -0400 Received: from mail-pg0-f66.google.com ([74.125.83.66]:35398 "EHLO mail-pg0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751741AbdIUUhr (ORCPT ); Thu, 21 Sep 2017 16:37:47 -0400 X-Google-Smtp-Source: AOwi7QDVanZpRbDLpNrbVtk4DduaeY+CSkRjEa9aPUu2IjrBxU/ld+qK4in2rKcQc+yKlU+wkVPGtw== Date: Thu, 21 Sep 2017 13:37:43 -0700 From: Eric Biggers To: David Howells Cc: keyrings@vger.kernel.org, Michael Halcrow , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Eric Biggers Subject: Re: [PATCH] KEYS: fix cred refcount leak in request_key_auth_new() Message-ID: <20170921203743.GA89627@gmail.com> References: <20170918183331.113261-1-ebiggers3@gmail.com> <28352.1505835968@warthog.procyon.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <28352.1505835968@warthog.procyon.org.uk> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Sep 19, 2017 at 04:46:08PM +0100, David Howells wrote: > Eric Biggers wrote: > > > In request_key_auth_new(), if alloc_key() or key_instantiate_and_link() > > were to fail, we would leak a reference to the 'struct cred'. Currently > > this can only happen if alloc_key() fails to to allocate memory. But it > > still should be fixed, as it is a more severe bug waiting to happen. > > It might be better to combine request_key_auth_destroy() and the error path > that you're altering in request_key_auth_new() by pulling it into a separate > function. > > David Agreed, I'll do that. Eric