linux/security/keys
Sasha Levin a3a8784454 KEYS: close race between key lookup and freeing
When a key is being garbage collected, it's key->user would get put before
the ->destroy() callback is called, where the key is removed from it's
respective tracking structures.

This leaves a key hanging in a semi-invalid state which leaves a window open
for a different task to try an access key->user. An example is
find_keyring_by_name() which would dereference key->user for a key that is
in the process of being garbage collected (where key->user was freed but
->destroy() wasn't called yet - so it's still present in the linked list).

This would cause either a panic, or corrupt memory.

Fixes CVE-2014-9529.

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2015-01-05 15:58:01 +00:00
..
encrypted-keys KEYS: Fix stale key registration at error path 2014-12-06 21:50:36 -05:00
big_key.c KEYS: Remove key_type::match in favour of overriding default by match_preparse 2014-09-16 17:36:06 +01:00
compat.c security/compat: convert to COMPAT_SYSCALL_DEFINE 2014-03-06 16:30:42 +01:00
gc.c KEYS: close race between key lookup and freeing 2015-01-05 15:58:01 +00:00
internal.h KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED 2014-12-01 22:52:53 +00:00
Kconfig KEYS: Make BIG_KEYS boolean 2013-10-30 11:15:23 +00:00
key.c KEYS: remove a bogus NULL check 2014-12-16 18:05:20 +11:00
keyctl.c KEYS: Fix the size of the key description passed to/from userspace 2014-12-01 22:52:45 +00:00
keyring.c KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED 2014-12-01 22:52:53 +00:00
Makefile KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches 2013-09-24 10:35:19 +01:00
permission.c KEYS: Move the flags representing required permission to linux/key.h 2014-03-14 17:44:49 +00:00
persistent.c KEYS: Move the flags representing required permission to linux/key.h 2014-03-14 17:44:49 +00:00
proc.c KEYS: Preparse match data 2014-09-16 17:36:02 +01:00
process_keys.c KEYS: Make the key matching functions return bool 2014-09-16 17:36:08 +01:00
request_key_auth.c KEYS: Simplify KEYRING_SEARCH_{NO,DO}_STATE_CHECK flags 2014-12-01 22:52:50 +00:00
request_key.c KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED 2014-12-01 22:52:53 +00:00
sysctl.c security: Convert use of typedef ctl_table to struct ctl_table 2014-04-15 13:39:58 +10:00
trusted.c KEYS: Remove key_type::match in favour of overriding default by match_preparse 2014-09-16 17:36:06 +01:00
trusted.h
user_defined.c KEYS: Remove key_type::match in favour of overriding default by match_preparse 2014-09-16 17:36:06 +01:00