diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2010-04-22 07:17:09 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-04-22 07:17:09 -0700 |
commit | 5e31877b647bf41ad080adad6100a617ed4c6be4 (patch) | |
tree | 89779d6189828ec033aa8f445afb8ed2e854679e | |
parent | 1ef6ce7a340f9ed139a73147ff9cf7ad56889414 (diff) | |
parent | b338cc8207eae46640a8d534738fda7b5e48511d (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
security: testing the wrong variable in create_by_name()
CRED: Fix a race in creds_are_invalid() in credentials debugging
CRED: Fix double free in prepare_usermodehelper_creds() error handling
-rw-r--r-- | kernel/cred.c | 4 | ||||
-rw-r--r-- | security/inode.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/kernel/cred.c b/kernel/cred.c index e1dbe9eef80..62af1816c23 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -398,6 +398,8 @@ struct cred *prepare_usermodehelper_creds(void) error: put_cred(new); + return NULL; + free_tgcred: #ifdef CONFIG_KEYS kfree(tgcred); @@ -791,8 +793,6 @@ bool creds_are_invalid(const struct cred *cred) { if (cred->magic != CRED_MAGIC) return true; - if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers)) - return true; #ifdef CONFIG_SECURITY_SELINUX if (selinux_is_enabled()) { if ((unsigned long) cred->security < PAGE_SIZE) diff --git a/security/inode.c b/security/inode.c index c3a793881d0..1c812e87450 100644 --- a/security/inode.c +++ b/security/inode.c @@ -161,13 +161,13 @@ static int create_by_name(const char *name, mode_t mode, mutex_lock(&parent->d_inode->i_mutex); *dentry = lookup_one_len(name, parent, strlen(name)); - if (!IS_ERR(dentry)) { + if (!IS_ERR(*dentry)) { if ((mode & S_IFMT) == S_IFDIR) error = mkdir(parent->d_inode, *dentry, mode); else error = create(parent->d_inode, *dentry, mode); } else - error = PTR_ERR(dentry); + error = PTR_ERR(*dentry); mutex_unlock(&parent->d_inode->i_mutex); return error; |