Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 594630 - kernel: security: testing the wrong variable in create_by_name() [mrg-1]
Summary: kernel: security: testing the wrong variable in create_by_name() [mrg-1]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel
Version: 1.2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Luis Claudio R. Goncalves
QA Contact: David Sommerseth
URL:
Whiteboard:
Depends On:
Blocks: 621752
TreeView+ depends on / blocked
 
Reported: 2010-05-21 08:18 UTC by Eugene Teo (Security Response)
Modified: 2016-05-22 23:30 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Fixed a typo in security filesystem code that should be dereferencing an inode pointer and instead was checking the value of the pointer.
Clone Of:
: 621752 (view as bug list)
Environment:
Last Closed: 2010-08-17 15:54:03 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0631 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2010-08-18 07:58:39 UTC

Description Eugene Teo (Security Response) 2010-05-21 08:18:48 UTC
Description of problem:
There is a typo here.  We should be testing "*dentry" instead of "dentry".  If
"*dentry" is an ERR_PTR, it gets dereferenced in either mkdir() or create()
which would cause an OOPs.

This bug has been in the kernel since 2.6.14-rc2 via b67dbf9d.

Upstream commit:
http://git.kernel.org/linus/b338cc8207eae46640a8d534738fda7b5e48511d

Comment 1 Luis Claudio R. Goncalves 2010-06-21 17:45:31 UTC
Patch bz594630-testing-wrong-variable-in-create_by_name.patch, backport of upstream commit b338cc8207eae46640a8d534738fda7b5e48511d added to kernel -159 patch queue.

Comment 3 David Sommerseth 2010-07-21 09:48:07 UTC
Verified by code review.  Found bz594630-testing-wrong-variable-in-create_by_name.patch implemented in kernel-rt-2.6.24.7-160.src.rpm.

Comment 4 Clark Williams 2010-07-26 20:55:00 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Fixed a typo in security filesystem code that should be dereferencing an inode pointer and instead was checking the value of the pointer.

Comment 5 errata-xmlrpc 2010-08-17 15:54:03 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0631.html


Note You need to log in before you can comment on or make changes to this bug.