Skip to content

Commit

Permalink
Set cred->user_ns in key_replace_session_keyring
Browse files Browse the repository at this point in the history
Since this cred was not created with copy_creds(), it needs to get
initialized.  Otherwise use of syscall(__NR_keyctl, KEYCTL_SESSION_TO_PARENT);
can lead to a NULL deref.  Thanks to Robert for finding this.

But introduced by commit 47a150e ("Cache user_ns in struct cred").

Signed-off-by: Serge E. Hallyn <[email protected]>
Reported-by: Robert Święcki <[email protected]>
Cc: David Howells <[email protected]>
Cc: [email protected] (2.6.39)
Signed-off-by: Linus Torvalds <[email protected]>
  • Loading branch information
hallyn authored and torvalds committed May 26, 2011
1 parent b7c2f03 commit f7285b5
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions security/keys/process_keys.c
Original file line number Diff line number Diff line change
Expand Up @@ -847,6 +847,7 @@ void key_replace_session_keyring(void)
new-> sgid = old-> sgid;
new->fsgid = old->fsgid;
new->user = get_uid(old->user);
new->user_ns = new->user->user_ns;
new->group_info = get_group_info(old->group_info);

new->securebits = old->securebits;
Expand Down

0 comments on commit f7285b5

Please sign in to comment.