summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2010-04-22 07:17:09 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2010-04-22 07:17:09 -0700
commit5e31877b647bf41ad080adad6100a617ed4c6be4 (patch)
tree89779d6189828ec033aa8f445afb8ed2e854679e
parent1ef6ce7a340f9ed139a73147ff9cf7ad56889414 (diff)
parentb338cc8207eae46640a8d534738fda7b5e48511d (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: security: testing the wrong variable in create_by_name() CRED: Fix a race in creds_are_invalid() in credentials debugging CRED: Fix double free in prepare_usermodehelper_creds() error handling
-rw-r--r--kernel/cred.c4
-rw-r--r--security/inode.c4
2 files changed, 4 insertions, 4 deletions
diff --git a/kernel/cred.c b/kernel/cred.c
index e1dbe9eef80..62af1816c23 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -398,6 +398,8 @@ struct cred *prepare_usermodehelper_creds(void)
error:
put_cred(new);
+ return NULL;
+
free_tgcred:
#ifdef CONFIG_KEYS
kfree(tgcred);
@@ -791,8 +793,6 @@ bool creds_are_invalid(const struct cred *cred)
{
if (cred->magic != CRED_MAGIC)
return true;
- if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers))
- return true;
#ifdef CONFIG_SECURITY_SELINUX
if (selinux_is_enabled()) {
if ((unsigned long) cred->security < PAGE_SIZE)
diff --git a/security/inode.c b/security/inode.c
index c3a793881d0..1c812e87450 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -161,13 +161,13 @@ static int create_by_name(const char *name, mode_t mode,
mutex_lock(&parent->d_inode->i_mutex);
*dentry = lookup_one_len(name, parent, strlen(name));
- if (!IS_ERR(dentry)) {
+ if (!IS_ERR(*dentry)) {
if ((mode & S_IFMT) == S_IFDIR)
error = mkdir(parent->d_inode, *dentry, mode);
else
error = create(parent->d_inode, *dentry, mode);
} else
- error = PTR_ERR(dentry);
+ error = PTR_ERR(*dentry);
mutex_unlock(&parent->d_inode->i_mutex);
return error;