diff options
author | dann frazier <dannf@debian.org> | 2006-08-17 00:24:25 +0000 |
---|---|---|
committer | dann frazier <dannf@debian.org> | 2006-08-17 00:24:25 +0000 |
commit | f3581ec9b2d48c6103c22fecb46f713217d834e8 (patch) | |
tree | 16359328df8385089d75b771a15c849bc9d052ea /retired/CVE-2005-3356 | |
parent | fcaf6d1f99829e04e46b5eb27e1aac3451308455 (diff) |
move retired to the top level hierarchy so people can easily checkout just the active issues
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@548 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2005-3356')
-rw-r--r-- | retired/CVE-2005-3356 | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/retired/CVE-2005-3356 b/retired/CVE-2005-3356 new file mode 100644 index 000000000..4da47902a --- /dev/null +++ b/retired/CVE-2005-3356 @@ -0,0 +1,34 @@ +Candidate: CVE-2005-3356 +References: + http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=7c7dce9209161eb260cdf9e9172f72c3a02379e6h+p=12dbf3fc4d06d2c0c4c44dc0612df04248b3cfd3 +Description: + [PATCH] Fix double decrement of mqueue_mnt->mnt_count in sys_mq_open + . + Fixed the refcounting on failure exits in sys_mq_open() and + cleaned the logics up. Rules are actually pretty simple - dentry_open() + expects vfsmount and dentry to be pinned down and it either transfers + them into created struct file or drops them. Old code had been very + confused in that area - if dentry_open() had failed either in do_open() + or do_create(), we ended up dentry and mqueue_mnt dropped twice, once + by dentry_open() cleanup and then by sys_mq_open(). + . + Fix consists of making the rules for do_create() and do_open() + same as for dentry_open() and updating the sys_mq_open() accordingly; + that actually leads to more straightforward code and less work on + normal path. + . + Signed-off-by: Al Viro <aviro@redhat.com> + Signed-off-by: Linus Torvalds <torvalds@osdl.org> +Notes: + jmm> Discovered by Doug Chapman +Bugs: +upstream: released (2.6.15.2) +linux-2.6: released (2.6.15-4) +2.6.8-sarge-security: released (2.6.8-16sarge2) +2.4.27-sarge-security: N/A +2.4.19-woody-security: N/A +2.4.18-woody-security: N/A +2.4.17-woody-security: N/A +2.4.16-woody-security: N/A +2.4.17-woody-security-hppa: N/A +2.4.17-woody-security-ia64: N/A |