From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail-pf0-f182.google.com ([209.85.192.182]:41036 "EHLO
    mail-pf0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
    with ESMTP id S1751142AbdK1TG4 (ORCPT );
    Tue, 28 Nov 2017 14:06:56 -0500
Date: Tue, 28 Nov 2017 11:06:52 -0800
From: Eric Biggers
To: David Howells
Cc: keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
    linux-kernel@vger.kernel.org, Eric Biggers , stable@vger.kernel.org
Subject: Re: [PATCH] KEYS: add missing permission check for request_key() destination
Message-ID: <20171128190652.GC45321@gmail.com>
References: <20171120225830.96642-1-ebiggers3@gmail.com> <7849.1511863981@warthog.procyon.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7849.1511863981@warthog.procyon.org.uk>
Sender: stable-owner@vger.kernel.org
List-ID:

On Tue, Nov 28, 2017 at 10:13:01AM +0000, David Howells wrote:
> Eric Biggers wrote:
>
> > + if (do_perm_check) { > > + ret = key_permission(make_key_ref(dest_keyring, 1), > > + KEY_NEED_WRITE);
>
> dest_keyring may be NULL at this point as alloc_uid() doesn't automatically
> create keyrings.
>
> David

Argh, you're right. I must have been confused by the calls to key_serial(),
key_put(), etc., but those all check for NULL. I'll send a revised patch.

Eric
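
Review bot: In the `if (do_perm_check)` branch, `make_key_ref(dest_keyring, 1)` is passed to key_permission() with no NULL guard on dest_keyring, and the reply above notes that it can be NULL at this point because alloc_uid() does not create keyrings automatically. Consider changing the condition to `if (dest_keyring && do_perm_check)` so the KEY_NEED_WRITE check runs only when a destination keyring exists, and add a short comment explaining why a NULL destination needs no permission check.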