Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 8ed8e504f14a1b726f5ce16a0c0ac6d61ac217b7
commit8ed8e504f14a1b726f5ce16a0c0ac6d61ac217b7[log] [tgz]
authorDavid Howells <dhowells@redhat.com>Mon Oct 19 11:20:28 2015 +0100
committerchrmhoffmann <chrmhoffmann@gmail.com>Sat Aug 04 10:50:24 2018 +0200
treef99e1aeeeedee461311fc134ddea7b4b113c1b9a
parent1e7c24ab4079baa76990b07a39c0d9fda9aba89f [diff]
KEYS: Don't permit request_key() to construct a new keyring

If request_key() is used to find a keyring, only do the search part - don't
do the construction part if the keyring was not found by the search.  We
don't really want keyrings in the negative instantiated state since the
rejected/negative instantiation error value in the payload is unioned with
keyring metadata.

Now the kernel gives an error:

	request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted)

Signed-off-by: David Howells <dhowells@redhat.com>
CVE-2015-7872
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>

Change-Id: I63ea0e9ec7a95a9f59c706efb0a934b835bc6448
1 file changed
tree: f99e1aeeeedee461311fc134ddea7b4b113c1b9a
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS