Description of problem:
in crypto/signature/ksign.c, ksign_signature_check() checks if the return value of ksign_get_public_key() was null. Unfortunately, it is possible for ksign_get_public_key() to return a bogus non-null pointer if the key is not actually found. This results in (at best) an 'atomic counter underflow' complaint from ksign_put_public_key (because it dereferences pk->count), and at worst locking failures and similar.

Version-Release number of selected component (if applicable):
2.6.13-1.1627_FC5

How reproducible:
Attempt to modprobe a module that is signed with a key other than the one that's in crypto/signatures/key.h

Additional info:
Patch to make ksign_get_public_key() behave nicely attached.
Created attachment 120434: Return NULL if public key not found
The patch is slightly more complicated than is necessary. Just setting pk to NULL between the end of the loop and the "found" label is sufficient. If a match is made, then the goto will skip the clearance.
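The failure and the one-line clearance described in the comment above, as an added userspace C model that is not the kernel's ksign.c and not code from this bug. It assumes the lookup walks a kernel-style circular intrusive list (the page only says the pointer is bogus and non-null); struct pubkey, keyring, lookup() and the get_key_* wrappers are hypothetical names, and the key ids are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace model with hypothetical names; not the kernel's ksign.c. */
struct list_head { struct list_head *next; };
struct pubkey {
	unsigned char keyid[8];
	int count;                 /* stands in for the pk->count refcount */
	struct list_head link;
};
/* Assumption: keys sit on a circular intrusive list, kernel style. */
static struct list_head keyring = { &keyring };
#define entry_of(p) \
	((struct pubkey *)((char *)(p) - offsetof(struct pubkey, link)))

static void keyring_add(struct pubkey *pk)
{
	pk->link.next = keyring.next;
	keyring.next = &pk->link;
}

/* On a miss the cursor ends up aimed at the list head itself: non-NULL,
 * but not a key. clear_on_miss models the clearance before "found". */
static struct pubkey *lookup(const unsigned char *keyid, int clear_on_miss)
{
	struct pubkey *pk;

	for (pk = entry_of(keyring.next); &pk->link != &keyring;
	     pk = entry_of(pk->link.next))
		if (memcmp(pk->keyid, keyid, sizeof(pk->keyid)) == 0) {
			pk->count++;
			goto found;    /* a hit jumps over the clearance */
		}
	if (clear_on_miss)
		pk = NULL;             /* the fix: a miss now yields NULL */
found:
	return pk;
}
static struct pubkey *get_key_buggy(const unsigned char *id) { return lookup(id, 0); }
static struct pubkey *get_key_fixed(const unsigned char *id) { return lookup(id, 1); }

int main(void)
{
	static struct pubkey k = { {1, 2, 3, 4, 5, 6, 7, 8}, 0, { NULL } };
	unsigned char other[8] = { 9, 9, 9, 9, 9, 9, 9, 9 }; /* unknown id */
	keyring_add(&k);
	printf("miss: buggy=%p fixed=%p\n", (void *)get_key_buggy(other),
	       (void *)get_key_fixed(other));
	return 0;
}
```

With the buggy variant a caller's NULL check passes on a miss, so any later access to the count field touches memory next to the list head rather than a key.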
Created attachment 121360: Return NULL if public key not found
Merged in CVS. Built for rawhide, should go out in the first post-test1 push (also available from http://people.redhat.com/davej/kernels/Fedora/devel/).