[stable] Patch "CRED: Fix memory and refcount leaks upon security_prepare_creds() failure" has been added to the 2.6.37-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    CRED: Fix memory and refcount leaks upon security_prepare_creds() failure

to the 2.6.37-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     
cred-fix-memory-and-refcount-leaks-upon-security_prepare_creds-failure.patch
and it can be found in the queue-2.6.37 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <sta...@kernel.org> know about it.


>From fb2b2a1d37f80cc818fd4487b510f4e11816e5e1 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-ker...@i-love.sakura.ne.jp>
Date: Mon, 7 Feb 2011 13:36:16 +0000
Subject: CRED: Fix memory and refcount leaks upon security_prepare_creds() 
failure

From: Tetsuo Handa <penguin-ker...@i-love.sakura.ne.jp>

commit fb2b2a1d37f80cc818fd4487b510f4e11816e5e1 upstream.

In prepare_kernel_cred() since 2.6.29, put_cred(new) is called without
assigning new->usage when security_prepare_creds() returned an error.  As a
result, memory for new and refcount for new->{user,group_info,tgcred} are
leaked because put_cred(new) won't call __put_cred() unless old->usage == 1.

Fix these leaks by assigning new->usage (and new->subscribers which was added
in 2.6.32) before calling security_prepare_creds().

Signed-off-by: Tetsuo Handa <penguin-ker...@i-love.sakura.ne.jp>
Signed-off-by: David Howells <dhowe...@redhat.com>
Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gre...@suse.de>

---
 kernel/cred.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -657,6 +657,8 @@ struct cred *prepare_kernel_cred(struct
        validate_creds(old);
 
        *new = *old;
+       atomic_set(&new->usage, 1);
+       set_cred_subscribers(new, 0);
        get_uid(new->user);
        get_group_info(new->group_info);
 
@@ -674,8 +676,6 @@ struct cred *prepare_kernel_cred(struct
        if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
                goto error;
 
-       atomic_set(&new->usage, 1);
-       set_cred_subscribers(new, 0);
        put_cred(old);
        validate_creds(new);
        return new;


Patches currently in stable-queue which might be from 
penguin-ker...@i-love.sakura.ne.jp are

queue-2.6.37/cred-fix-memory-and-refcount-leaks-upon-security_prepare_creds-failure.patch
queue-2.6.37/cred-fix-kernel-panic-upon-security_file_alloc-failure.patch
queue-2.6.37/cred-fix-bug-upon-security_cred_alloc_blank-failure.patch

_______________________________________________
stable mailing list
stable@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/stable