|Summary:||kernel: security: testing the wrong variable in create_by_name() [mrg-1]|
|Product:||Red Hat Enterprise MRG||Reporter:||Eugene Teo (Security Response) <eteo>|
|Component:||realtime-kernel||Assignee:||Luis Claudio R. Goncalves <lgoncalv>|
|Status:||CLOSED ERRATA||QA Contact:||David Sommerseth <davids>|
|Version:||1.2||CC:||bhu, eteo, lgoncalv, ovasik, williams|
|Fixed In Version:||Doc Type:||Bug Fix|
Fixed a typo in security filesystem code that should be dereferencing an inode pointer and instead was checking the value of the pointer.
|:||621752 (view as bug list)||Environment:|
|Last Closed:||2010-08-17 15:54:03 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:|
Description Eugene Teo (Security Response) 2010-05-21 08:18:48 UTC
Description of problem: There is a typo here. We should be testing "*dentry" instead of "dentry". If "*dentry" is an ERR_PTR, it gets dereferenced in either mkdir() or create() which would cause an OOPs. This bug has been in the kernel since 2.6.14-rc2 via b67dbf9d. Upstream commit: http://git.kernel.org/linus/b338cc8207eae46640a8d534738fda7b5e48511d
Comment 1 Luis Claudio R. Goncalves 2010-06-21 17:45:31 UTC
Patch bz594630-testing-wrong-variable-in-create_by_name.patch, backport of upstream commit b338cc8207eae46640a8d534738fda7b5e48511d added to kernel -159 patch queue.
Comment 3 David Sommerseth 2010-07-21 09:48:07 UTC
Verified by code review. Found bz594630-testing-wrong-variable-in-create_by_name.patch implemented in kernel-rt-126.96.36.199-160.src.rpm.
Comment 4 Clark Williams 2010-07-26 20:55:00 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Fixed a typo in security filesystem code that should be dereferencing an inode pointer and instead was checking the value of the pointer.
Comment 5 errata-xmlrpc 2010-08-17 15:54:03 UTC
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2010-0631.html