[maverick/ti-omap4 CVE 1/1] inotify: stop kernel memory leak on file creation failure
Andy Whitcroft
apw at canonical.com
Mon Jan 30 09:51:29 UTC 2012
From: Eric Paris <eparis at redhat.com>
If inotify_init is unable to allocate a new file for the new inotify
group we leak the new group. This patch drops the reference on the
group on file allocation failure.
Reported-by: Vegard Nossum <vegard.nossum at gmail.com>
cc: stable at kernel.org
Signed-off-by: Eric Paris <eparis at redhat.com>
(cherry picked from commit a2ae4cc9a16e211c8a128ba10d22a85431f093ab)
CVE-2010-4250
BugLink: http://bugs.launchpad.net/bugs/917797
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
fs/notify/inotify/inotify_user.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
index e46ca68..e295eee 100644
--- a/fs/notify/inotify/inotify_user.c
+++ b/fs/notify/inotify/inotify_user.c
@@ -671,6 +671,7 @@ SYSCALL_DEFINE1(inotify_init1, int, flags)
if (ret >= 0)
return ret;
+ fsnotify_put_group(group);
atomic_dec(&user->inotify_devs);
out_free_uid:
free_uid(user);
--
1.7.5.4
More information about the kernel-team
mailing list