Commit 5e31877b authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-linus' of...

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  security: testing the wrong variable in create_by_name()
  CRED: Fix a race in creds_are_invalid() in credentials debugging
  CRED: Fix double free in prepare_usermodehelper_creds() error handling
parents 1ef6ce7a b338cc82
...@@ -398,6 +398,8 @@ struct cred *prepare_usermodehelper_creds(void) ...@@ -398,6 +398,8 @@ struct cred *prepare_usermodehelper_creds(void)
error: error:
put_cred(new); put_cred(new);
return NULL;
free_tgcred: free_tgcred:
#ifdef CONFIG_KEYS #ifdef CONFIG_KEYS
kfree(tgcred); kfree(tgcred);
...@@ -791,8 +793,6 @@ bool creds_are_invalid(const struct cred *cred) ...@@ -791,8 +793,6 @@ bool creds_are_invalid(const struct cred *cred)
{ {
if (cred->magic != CRED_MAGIC) if (cred->magic != CRED_MAGIC)
return true; return true;
if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers))
return true;
#ifdef CONFIG_SECURITY_SELINUX #ifdef CONFIG_SECURITY_SELINUX
if (selinux_is_enabled()) { if (selinux_is_enabled()) {
if ((unsigned long) cred->security < PAGE_SIZE) if ((unsigned long) cred->security < PAGE_SIZE)
......
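Review bot: In prepare_usermodehelper_creds() the `error:` exit now ends in `return NULL;` directly above `free_tgcred:`, and nothing there explains why the two labels must not share a tail, so a later cleanup could reintroduce the fall-through. Going by the commit title, `put_cred(new)` presumably already releases what `kfree(tgcred)` would free once `new` owns it, but that ownership hand-off is not visible in these lines. I would add a comment above the return such as `/* put_cred() releases new and what it owns; do not fall through to free_tgcred */`. The function starts and ends outside the hunk, so the point where tgcred becomes owned by `new` should be confirmed against the full body.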
...@@ -161,13 +161,13 @@ static int create_by_name(const char *name, mode_t mode, ...@@ -161,13 +161,13 @@ static int create_by_name(const char *name, mode_t mode,
mutex_lock(&parent->d_inode->i_mutex); mutex_lock(&parent->d_inode->i_mutex);
*dentry = lookup_one_len(name, parent, strlen(name)); *dentry = lookup_one_len(name, parent, strlen(name));
if (!IS_ERR(dentry)) { if (!IS_ERR(*dentry)) {
if ((mode & S_IFMT) == S_IFDIR) if ((mode & S_IFMT) == S_IFDIR)
error = mkdir(parent->d_inode, *dentry, mode); error = mkdir(parent->d_inode, *dentry, mode);
else else
error = create(parent->d_inode, *dentry, mode); error = create(parent->d_inode, *dentry, mode);
} else } else
error = PTR_ERR(dentry); error = PTR_ERR(*dentry);
mutex_unlock(&parent->d_inode->i_mutex); mutex_unlock(&parent->d_inode->i_mutex);
return error; return error;
......
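Review bot: On the failure branch of create_by_name(), `*dentry` is left holding the ERR_PTR value returned by lookup_one_len(), so the out-parameter is non-NULL even though the call failed. A caller that tests the pointer rather than the return code would then dereference an error value; the callers are outside this hunk, so whether any does so is unconfirmed. Clearing it in the else branch makes the contract explicit: `error = PTR_ERR(*dentry);` followed by `*dentry = NULL;`, with braces on the else to match the if. The function's opening lines and closing brace are outside the hunk.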