First Last Prev Next    This bug is not in your last search results.
Bug 594630 - kernel: security: testing the wrong variable in create_by_name() [mrg-1]
kernel: security: testing the wrong variable in create_by_name() [mrg-1]
Status: CLOSED ERRATA
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel (Show other bugs)
1.2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Luis Claudio R. Goncalves
David Sommerseth
:
Depends On:
Blocks: 621752
  Show dependency treegraph
 
Reported: 2010-05-21 04:18 EDT by Eugene Teo (Security Response)
Modified: 2016-05-22 19:30 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Fixed a typo in security filesystem code that should be dereferencing an inode pointer and instead was checking the value of the pointer.
Story Points: ---
Clone Of:
: 621752 (view as bug list)
Environment:
Last Closed: 2010-08-17 11:54:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Eugene Teo (Security Response) 2010-05-21 04:18:48 EDT 
Description of problem:
There is a typo here.  We should be testing "*dentry" instead of "dentry".  If
"*dentry" is an ERR_PTR, it gets dereferenced in either mkdir() or create()
which would cause an OOPs.

This bug has been in the kernel since 2.6.14-rc2 via b67dbf9d.

Upstream commit:
http://git.kernel.org/linus/b338cc8207eae46640a8d534738fda7b5e48511d
Comment 1 Luis Claudio R. Goncalves 2010-06-21 13:45:31 EDT 
Patch bz594630-testing-wrong-variable-in-create_by_name.patch, backport of upstream commit b338cc8207eae46640a8d534738fda7b5e48511d added to kernel -159 patch queue.
Comment 3 David Sommerseth 2010-07-21 05:48:07 EDT 
Verified by code review.  Found bz594630-testing-wrong-variable-in-create_by_name.patch implemented in kernel-rt-2.6.24.7-160.src.rpm.
Comment 4 Clark Williams 2010-07-26 16:55:00 EDT 
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Fixed a typo in security filesystem code that should be dereferencing an inode pointer and instead was checking the value of the pointer.
Comment 5 errata-xmlrpc 2010-08-17 11:54:03 EDT 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0631.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.