Oleg Nesterov <[email protected]> wrote:

> keyctl_session_to_parent(task) sets ->replacement_session_keyring,
> it should be processed and cleared by key_replace_session_keyring().
>
> However, this task can fork before it notices TIF_NOTIFY_RESUME and
> the new child gets the bogus ->replacement_session_keyring copied by
> dup_task_struct(). This is obviously wrong and, if nothing else, this
> leads to put_cred(already_freed_cred).
>
> change copy_creds() to clear this member. If copy_process() fails
> before this point the wrong ->replacement_session_keyring doesn't
> matter, exit_creds() won't be called.
>
> Cc: <[email protected]>
> Signed-off-by: Oleg Nesterov <[email protected]>

Acked-by: David Howells <[email protected]>
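
The sequence the commit message describes can be traced in a small userspace C model, added here as an illustration; it is not kernel code and not part of the patch. Function and field names follow the message, while the simplified bodies, the `fixed` switch, `run_scenario()` and the `puts_on_dead_cred` counter are assumptions of the model.

```c
#include <stddef.h>

/* Userspace model: names follow the commit message, bodies are simplified. */
struct cred { int usage; };                    /* reference count only */
struct task {
    struct cred *cred;                         /* credentials in use */
    struct cred *replacement_session_keyring;  /* pending; owns one reference */
};
static int puts_on_dead_cred;  /* put_cred() calls on an already released cred */
static void put_cred(struct cred *c)
{
    if (c->usage == 0) { puts_on_dead_cred++; return; }  /* kernel: use after free */
    c->usage--;                                /* reaching 0 models the free */
}
/* Shallow copy: the pending pointer is duplicated without taking a reference. */
static void dup_task_struct(struct task *child, const struct task *parent) { *child = *parent; }
static void copy_creds(struct task *child, int fixed)
{
    if (fixed)
        child->replacement_session_keyring = NULL;  /* the change the message describes */
    child->cred->usage++;                      /* child's own reference */
}
/* Installs the pending cred; its reference becomes the task's reference. */
static void key_replace_session_keyring(struct task *t)
{
    if (!t->replacement_session_keyring) return;
    put_cred(t->cred);
    t->cred = t->replacement_session_keyring;
    t->replacement_session_keyring = NULL;
}
/* Model assumption: exit drops the live reference and any pending one. */
static void exit_creds(struct task *t)
{
    put_cred(t->cred);
    if (t->replacement_session_keyring) put_cred(t->replacement_session_keyring);
}
/* Fork before the parent handles TIF_NOTIFY_RESUME; returns the bad put count. */
int run_scenario(int fixed)
{
    struct cred old = { 1 }, pending = { 1 };
    struct task parent = { &old, &pending }, child;
    puts_on_dead_cred = 0;
    dup_task_struct(&child, &parent);
    copy_creds(&child, fixed);
    key_replace_session_keyring(&parent);
    exit_creds(&child);
    exit_creds(&parent);
    return puts_on_dead_cred;
}
int main(void) { return !(run_scenario(0) == 1 && run_scenario(1) == 0); }
```

Without the clear, the child and the parent each drop the single reference that the pending credential holds, so the second drop lands on a credential whose count is already zero.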
