| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Jan 2024 19:34:21 +0100
From: Bernd Edlinger <bernd.edlinger@...mail.de>
To: Alexander Viro <viro@...iv.linux.org.uk>,
Christian Brauner <brauner@...nel.org>, Kees Cook <keescook@...omium.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
linux-mm@...ck.org,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Andrew Morton <akpm@...ux-foundation.org>
Subject: [PATCH v3] Fix error handling in begin_new_exec
If get_unused_fd_flags() fails, the error handling is incomplete
because bprm->cred is already set to NULL, and therefore
free_bprm will not unlock the cred_guard_mutex.
Note there are two error conditions which end up here,
one before and one after bprm->cred is cleared.
Fixes: b8a61c9e7b4a ("exec: Generic execfd support")
Signed-off-by: Bernd Edlinger <bernd.edlinger@...mail.de>
Acked-by: "Eric W. Biederman" <ebiederm@...ssion.com>
---
fs/exec.c | 3 +++
1 file changed, 3 insertions(+)
v2: rebased to v6.7, retested and updated the commit message
to fix a checkpatch.pl style nit about the too short sha1 hash
in the Fixes: statement.
And retained Eric's Acked-by from:
https://lore.kernel.org/lkml/87mts2kcrm.fsf@disp2133/
v3: removed empty lines after Fixes: and Signed-off-by: header.
Thanks
Bernd.
diff --git a/fs/exec.c b/fs/exec.c
index 8cdd5b2dd09c..e88249a1ce07 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1409,6 +1409,9 @@ int begin_new_exec(struct linux_binprm * bprm)
out_unlock:
up_write(&me->signal->exec_update_lock);
+ if (!bprm->cred)
+ mutex_unlock(&me->signal->cred_guard_mutex);
+
out:
return retval;
}
--
2.39.2
Powered by blists - more mailing lists