c3a9d6541f
This fixes the problem of an oops occuring when a user attempts to add a key to a non-keyring key [CVE-2006-1522]. The problem is that __keyring_search_one() doesn't check that the keyring it's been given is actually a keyring. I've fixed this problem by: (1) declaring that caller of __keyring_search_one() must guarantee that the keyring is a keyring; and (2) making key_create_or_update() check that the keyring is a keyring, and return -ENOTDIR if it isn't. This can be tested by: keyctl add user b b `keyctl add user a a @s` Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
||
---|---|---|
.. | ||
compat.c | ||
internal.h | ||
key.c | ||
keyctl.c | ||
keyring.c | ||
Makefile | ||
permission.c | ||
proc.c | ||
process_keys.c | ||
request_key.c | ||
request_key_auth.c | ||
user_defined.c |