From: Jiri Pirko <jpirko@redhat.com> Date: Mon, 26 Jan 2009 18:28:11 +0100 Subject: [security] keys: introduce missing kfree Message-id: 20090126172810.GC17952@psychotron.englab.brq.redhat.com O-Subject: [RHEL5.4 patch] BZ480598 CVE-2009-0031 security: introduce missing kfree Bugzilla: 480598 RH-Acked-by: Michal Schmidt <mschmidt@redhat.com> RH-Acked-by: Pete Zaitcev <zaitcev@redhat.com> RH-Acked-by: Prarit Bhargava <prarit@redhat.com> RH-Acked-by: Mikulas Patocka <mpatocka@redhat.com> CVE: CVE-2009-0031 BZ480598 CVE-2009-0031 https://bugzilla.redhat.com/show_bug.cgi?id=480598 Description: Simply adds the missing kfree and plugs the leak. Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0d54ee1c7850a954026deec4cd4885f331da35cc Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=1662849 Test: Booted on x86_64. Tested by the reproducer attached to BZ480592 (root bug). Behaves correctly. Jirka diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 8ec8432..52627ce 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -265,6 +265,7 @@ long keyctl_join_session_keyring(const char __user *_name) /* join the session */ ret = join_session_keyring(name); + kfree(name); error: return ret;