Bug 509625

Summary: kernel: fd leak if pipe() is called with an invalid address [rhel-5.4]
Product: Red Hat Enterprise Linux 5 Reporter: Eugene Teo (Security Response) <eteo>
Component: kernelAssignee: Cong Wang <amwang>
Status: CLOSED ERRATA QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: high Docs Contact:
Priority: high    
Version: 5.4CC: amwang, czhang, dhoward, dzickus, jcm, jpirko, jskrabal, lwang, riek, rkhan, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 509627 509628 509629 (view as bug list) Environment:
Last Closed: 2010-03-30 07:09:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 509627, 509628, 509629, 533192    

Description Eugene Teo (Security Response) 2009-07-04 07:54:52 UTC 
Description of problem:
fd leak if pipe() is called with an invalid address.

Though -EFAULT is returned, the file descriptors opened by pipe() call are left open.

Reference:
http://patchwork.kernel.org/patch/33640/
Comment 2 Eugene Teo (Security Response) 2009-07-04 08:20:51 UTC 
http://www.chineselinuxuniversity.net/patches/43722.shtml
Comment 12 Don Zickus 2009-10-21 19:12:09 UTC 
in kernel-2.6.18-170.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Please do NOT transition this bugzilla state to VERIFIED until our QE team
has sent specific instructions indicating when to do so.  However feel free
to provide a comment indicating that this fix has been verified.
Comment 16 errata-xmlrpc 2010-03-30 07:09:43 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0178.html