diff --git a/KEYS-potential-uninitialized-variable.patch b/KEYS-potential-uninitialized-variable.patch new file mode 100644 index 0000000..23cabbb --- /dev/null +++ b/KEYS-potential-uninitialized-variable.patch @@ -0,0 +1,30 @@ +From 82a50018782f84e733e718d4b24e1653d19333be Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Wed, 15 Jun 2016 09:31:45 -0400 +Subject: [PATCH] KEYS: potential uninitialized variable + +If __key_link_begin() failed then "edit" would be uninitialized. I've +added a check to fix that. + +Fixes: f70e2e06196a ('KEYS: Do preallocation for __key_link()') +Signed-off-by: Dan Carpenter +--- + security/keys/key.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/security/keys/key.c b/security/keys/key.c +index bd5a272f28a6..346fbf201c22 100644 +--- a/security/keys/key.c ++++ b/security/keys/key.c +@@ -597,7 +597,7 @@ int key_reject_and_link(struct key *key, + + mutex_unlock(&key_construction_mutex); + +- if (keyring) ++ if (keyring && link_ret == 0) + __key_link_end(keyring, &key->index_key, edit); + + /* wake up anyone waiting for a key to be constructed */ +-- +2.5.5 + diff --git a/kernel.spec b/kernel.spec index 1e82152..1332fa5 100644 --- a/kernel.spec +++ b/kernel.spec @@ -605,6 +605,9 @@ Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch #rhbz 1346145 Patch666: ath9k-fix-GPIO-mask-for-AR9462-and-AR9565.patch +#CVE-2016-4470 rhbz 1341716 1346626 +Patch727: KEYS-potential-uninitialized-variable.patch + # END OF PATCH DEFINITIONS %endif @@ -2130,6 +2133,9 @@ fi # # %changelog +* Wed Jun 15 2016 Josh Boyer +- CVE-2016-4470 keys: uninitialized variable crash (rhbz 1341716 1346626) + * Wed Jun 15 2016 Peter Robinson - Enable support for TI dm81xx devices (kwizart)