Searched hist:a652a4bc (Results 1 – 1 of 1) sorted by relevance
| /openbmc/linux/net/sunrpc/auth_gss/ |
| H A D | auth_gss.c | a652a4bc Mon Nov 12 14:30:52 CST 2018 Trond Myklebust <trond.myklebust@hammerspace.com> SUNRPC: Fix a Oops when destroying the RPCSEC_GSS credential cache
Commit 07d02a67b7fa causes a use-after free in the RPCSEC_GSS credential
destroy code, because the call to get_rpccred() in gss_destroying_context()
will now always fail to increment the refcount.
While we could just replace the get_rpccred() with a refcount_set(), that
would have the unfortunate consequence of resurrecting a credential in
the credential cache for which we are in the process of destroying the
RPCSEC_GSS context. Rather than do this, we choose to make a copy that
is never added to the cache and use that to destroy the context.
Fixes: 07d02a67b7fa ("SUNRPC: Simplify lookup code")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
a652a4bc Mon Nov 12 14:30:52 CST 2018 Trond Myklebust <trond.myklebust@hammerspace.com> SUNRPC: Fix a Oops when destroying the RPCSEC_GSS credential cache
Commit 07d02a67b7fa causes a use-after free in the RPCSEC_GSS credential
destroy code, because the call to get_rpccred() in gss_destroying_context()
will now always fail to increment the refcount.
While we could just replace the get_rpccred() with a refcount_set(), that
would have the unfortunate consequence of resurrecting a credential in
the credential cache for which we are in the process of destroying the
RPCSEC_GSS context. Rather than do this, we choose to make a copy that
is never added to the cache and use that to destroy the context.
Fixes: 07d02a67b7fa ("SUNRPC: Simplify lookup code")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
|