On Thu, Jan 31, 2013 at 3:02 AM, James Morris <jmor...@namei.org> wrote:
> What's the practical impact of this? Could an attacker kill the machine?
>

It might be possible slowly to eat the whole memory if there were too many memory verifications. This is a bug and the patch will be applied to stable. Should go to mainline as well.

I suggest applying it and also a couple of other patches I sent yesterday.

thanks.

- Dmitry

> On Wed, 30 Jan 2013, Kasatkin, Dmitry wrote:
>
>> On Fri, Jan 25, 2013 at 4:54 PM, Dmitry Kasatkin
>> <dmitry.kasat...@intel.com> wrote:
>> > From: YOSHIFUJI Hideaki <yoshf...@linux-ipv6.org>
>> >
>> > digsig_verify_rsa() does not free kmalloc'ed buffer returned by
>> > mpi_get_buffer().
>> >
>> > Signed-off-by: YOSHIFUJI Hideaki <yoshf...@linux-ipv6.org>
>> > Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@intel.com>
>> > Cc: sta...@vger.kernel.org
>> > --- >> > lib/digsig.c | 2 ++ >> > 1 file changed, 2 insertions(+) >> > >> > diff --git a/lib/digsig.c b/lib/digsig.c >> > index 8c0e629..dc2be7e 100644 >> > --- a/lib/digsig.c >> > +++ b/lib/digsig.c >> > @@ -162,6 +162,8 @@ static int digsig_verify_rsa(struct key *key, >> > memset(out1, 0, head); >> > memcpy(out1 + head, p, l); >> > >> > + kfree(p); >> > + >> > err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); >> > if (err) >> > goto err; >> > -- >> > 1.7.10.4
>> >
>>
>> James, can you please apply this patch.
>>
>> - Dmitry
>>
>
> --
> James Morris
> <jmor...@namei.org>
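
Review bot: the new kfree(p) after memcpy(out1 + head, p, l) only releases the buffer on the path that reaches the memcpy, and the hunk does not show the lines between the mpi_get_buffer() call and this point. Please confirm that no earlier `goto err` in that stretch can be taken with p already allocated; if one can, freeing p under the err label would cover every exit. Since p is not used again in the visible context, the placement right after the last use looks fine otherwise. The commit message would also benefit from one sentence on impact (a buffer is leaked on each call to digsig_verify_rsa()), since that question came up in the thread and the patch is Cc'ed to stable.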