UPSTREAM: KEYS: Fix race between key destruction and finding a keyring by name
(cherry picked from commit 94c4554b) There appears to be a race between: (1) key_gc_unused_keys() which frees key->security and then calls keyring_destroy() to unlink the name from the name list (2) find_keyring_by_name() which calls key_permission(), thus accessing key->security, on a key before checking to see whether the key usage is 0 (ie. the key is dead and might be cleaned up). Fix this by calling ->destroy() before cleaning up the core key data - including key->security. Reported-by:Petr Matousek <pmatouse@redhat.com> Signed-off-by:
David Howells <dhowells@redhat.com> Change-Id: I2bb1e7b7240dc81a172483ce35f569d357579b96 Bug: 31253168
Loading
Please sign in to comment