| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <A3886415-1FA1-4090-8F64-F5B4D4DDD786@linuxhacker.ru>
Date: Fri, 31 Jan 2014 16:13:19 -0500
From: Oleg Drokin <green@...uxhacker.ru>
To: Al Viro <viro@...IV.linux.org.uk>
Cc: linux-kernel@...r.kernel.org, jlayton@...hat.com,
linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH] Fix mountpoint reference leakage in linkat
On Jan 31, 2014, at 4:03 PM, Al Viro wrote:
>> diff --git a/fs/namei.c b/fs/namei.c
>> index bcb838e..e620937 100644
>> --- a/fs/namei.c
>> +++ b/fs/namei.c
>> @@ -3931,6 +3931,7 @@ out_dput:
>> goto retry;
>> }
>> if (retry_estale(error, how)) {
>> + path_put(&old_path);
>> how |= LOOKUP_REVAL;
>> goto retry;
>> }
> Umm... That obviously can't be right - we have another goto retry
> in the same situation (see in your diff context). I agree that
> we have a leak there, but you've fixed only a half of it.
Hm, you are right, I did not notice this other one somehow.
So, not to take any guesses, should I convert the other goto retry into
retry_deleg similar in style to what happens in rename and unlink, only
make retry)deleg label before call to the security_path_link?
After the call to the security_path_link?
Or would you prefer to just free old_path in both cases?
Bye,
Oleg
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists