inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch() (CVE-2019-9857)
This commit is contained in:
parent
cda3581467
commit
1c6240e692
|
@ -829,6 +829,8 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
|
||||||
(CVE-2015-8553)
|
(CVE-2015-8553)
|
||||||
* ACPICA: Namespace: remove address node from global list after method
|
* ACPICA: Namespace: remove address node from global list after method
|
||||||
termination
|
termination
|
||||||
|
* inotify: Fix fsnotify_mark refcount leak in
|
||||||
|
inotify_update_existing_watch() (CVE-2019-9857)
|
||||||
|
|
||||||
[ Aurelien Jarno ]
|
[ Aurelien Jarno ]
|
||||||
* [mips] Fix indirect syscall tracing & seccomp filtering for big endian
|
* [mips] Fix indirect syscall tracing & seccomp filtering for big endian
|
||||||
|
|
46
debian/patches/bugfix/all/inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch
vendored
Normal file
46
debian/patches/bugfix/all/inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch
vendored
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
From: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
|
||||||
|
Date: Sat, 2 Mar 2019 09:17:32 +0800
|
||||||
|
Subject: inotify: Fix fsnotify_mark refcount leak in
|
||||||
|
inotify_update_existing_watch()
|
||||||
|
Origin: https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea
|
||||||
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-9857
|
||||||
|
|
||||||
|
Commit 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for
|
||||||
|
inotify_add_watch()") forgot to call fsnotify_put_mark() with
|
||||||
|
IN_MASK_CREATE after fsnotify_find_mark()
|
||||||
|
|
||||||
|
Fixes: 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for inotify_add_watch()")
|
||||||
|
Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
|
||||||
|
Signed-off-by: Jan Kara <jack@suse.cz>
|
||||||
|
---
|
||||||
|
fs/notify/inotify/inotify_user.c | 7 +++++--
|
||||||
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
|
||||||
|
index e2901fbb9f76..7b53598c8804 100644
|
||||||
|
--- a/fs/notify/inotify/inotify_user.c
|
||||||
|
+++ b/fs/notify/inotify/inotify_user.c
|
||||||
|
@@ -519,8 +519,10 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
|
||||||
|
fsn_mark = fsnotify_find_mark(&inode->i_fsnotify_marks, group);
|
||||||
|
if (!fsn_mark)
|
||||||
|
return -ENOENT;
|
||||||
|
- else if (create)
|
||||||
|
- return -EEXIST;
|
||||||
|
+ else if (create) {
|
||||||
|
+ ret = -EEXIST;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
i_mark = container_of(fsn_mark, struct inotify_inode_mark, fsn_mark);
|
||||||
|
|
||||||
|
@@ -548,6 +550,7 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
|
||||||
|
/* return the wd */
|
||||||
|
ret = i_mark->wd;
|
||||||
|
|
||||||
|
+out:
|
||||||
|
/* match the get from fsnotify_find_mark() */
|
||||||
|
fsnotify_put_mark(fsn_mark);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.11.0
|
||||||
|
|
|
@ -148,6 +148,7 @@ features/all/lockdown/lockdown-refer-to-debian-wiki-until-manual-page-exists.pat
|
||||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||||
bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
|
bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
|
||||||
debian/ntfs-mark-it-as-broken.patch
|
debian/ntfs-mark-it-as-broken.patch
|
||||||
|
bugfix/all/inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch
|
||||||
|
|
||||||
# Fix exported symbol versions
|
# Fix exported symbol versions
|
||||||
bugfix/all/module-disable-matching-missing-version-crc.patch
|
bugfix/all/module-disable-matching-missing-version-crc.patch
|
||||||
|
|
Loading…
Reference in New Issue