ACK: [maverick/ti-omap4 CVE 1/1] inotify: stop kernel memory leak on file creation failure
Stefan Bader
stefan.bader at canonical.com
Mon Jan 30 11:28:43 UTC 2012
On 30.01.2012 10:51, Andy Whitcroft wrote:
> From: Eric Paris <eparis at redhat.com>
>
> If inotify_init is unable to allocate a new file for the new inotify
> group we leak the new group. This patch drops the reference on the
> group on file allocation failure.
>
> Reported-by: Vegard Nossum <vegard.nossum at gmail.com>
> cc: stable at kernel.org
> Signed-off-by: Eric Paris <eparis at redhat.com>
>
> (cherry picked from commit a2ae4cc9a16e211c8a128ba10d22a85431f093ab)
> CVE-2010-4250
> BugLink: http://bugs.launchpad.net/bugs/917797
> Signed-off-by: Andy Whitcroft <apw at canonical.com>
> ---
> fs/notify/inotify/inotify_user.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
> index e46ca68..e295eee 100644
> --- a/fs/notify/inotify/inotify_user.c
> +++ b/fs/notify/inotify/inotify_user.c
> @@ -671,6 +671,7 @@ SYSCALL_DEFINE1(inotify_init1, int, flags)
> if (ret >= 0)
> return ret;
>
> + fsnotify_put_group(group);
> atomic_dec(&user->inotify_devs);
> out_free_uid:
> free_uid(user);
Looks reasonable, cherry-picked too...
Acked-by: Stefan Bader <smb at canonical.com>
More information about the kernel-team
mailing list