Message-Id: <20150912225606.736779836@1wt.eu>
Date:	Sun, 13 Sep 2015 00:56:10 +0200
From:	Willy Tarreau <w@....eu>
To:	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc:	Jiri Slaby <jslaby@...e.cz>, Alan Cox <alan@...rguk.ukuu.org.uk>,
	Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	Ben Hutchings <ben@...adent.org.uk>, Willy Tarreau <w@....eu>
Subject: [PATCH 2.6.32 04/62] TTY: drop driver reference in tty_open fail path

2.6.32-longterm review patch.  If anyone has any objections, please let me know.

------------------

From: Jiri Slaby <jslaby@...e.cz>

commit c290f8358acaeffd8e0c551ddcc24d1206143376 upstream.

When tty_driver_lookup_tty fails in tty_open, we forget to drop a
reference to the tty driver. This was added by commit 4a2b5fddd5 (Move
tty lookup/reopen to caller).

Fix that by adding tty_driver_kref_put to the fail path.

I will refactor the code later. This is for the ease of backporting to
stable.

Introduced-in: v2.6.28-rc2
Signed-off-by: Jiri Slaby <jslaby@...e.cz>
Cc: Alan Cox <alan@...rguk.ukuu.org.uk>
Acked-by: Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...e.de>
[bwh: Backported to 2.6.32: adjust filename]
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>

CVE-2011-5321

Signed-off-by: Willy Tarreau <w@....eu>
---
 drivers/char/tty_io.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
index cbdd1698..6c71534 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -1779,6 +1779,7 @@ got_driver:
 
 		if (IS_ERR(tty)) {
 			mutex_unlock(&tty_mutex);
+			tty_driver_kref_put(driver);
 			return PTR_ERR(tty);
 		}
 	}
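
Review bot: In the IS_ERR(tty) branch under got_driver:, the added tty_driver_kref_put(driver) is a second piece of cleanup written inline next to mutex_unlock(&tty_mutex) ahead of return PTR_ERR(tty). That is reasonable for a one-line stable backport, as the commit message says, but the hunk shows only this one exit. Any other return between got_driver: and the point where the driver reference is normally dropped needs the same put, so those paths are worth checking in the 2.6.32 tree. For the refactor mentioned in the commit message, a single error label that unlocks and drops the reference would keep a later early return from reintroducing the leak.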
-- 
1.7.12.2.21.g234cd45.dirty


