linux/fs/fscache
Eric Biggers d124b2c53c FS-Cache: fix dereference of NULL user_key_payload
When the file /proc/fs/fscache/objects (available with
CONFIG_FSCACHE_OBJECT_LIST=y) is opened, we request a user key with
description "fscache:objlist", then access its payload.  However, a
revoked key has a NULL payload, and we failed to check for this.
request_key() *does* skip revoked keys, but there is still a window
where the key can be revoked before we access its payload.

Fix it by checking for a NULL payload, treating it like a key which was
already revoked at the time it was requested.

Fixes: 4fbf4291aa ("FS-Cache: Allow the current state of all objects to be dumped")
Reviewed-by: James Morris <james.l.morris@oracle.com>
Cc: <stable@vger.kernel.org>    [v2.6.32+]
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2017-10-12 17:16:40 +01:00
Kconfig fscache: drop references to slow-work 2010-07-22 22:58:58 +02:00
Makefile FS-Cache: Allow the current state of all objects to be dumped 2009-11-19 18:11:04 +00:00
cache.c fs/fscache: convert printk to pr_foo() 2014-06-04 16:53:51 -07:00
cookie.c fscache: Clear outstanding writes when disabling a cookie 2017-01-31 13:23:09 -05:00
fsdef.c FS-Cache: Provide the ability to enable/disable cookies 2013-09-27 18:40:25 +01:00
histogram.c drop redundant ->owner initializations 2016-05-29 19:08:00 -04:00
internal.h FS-Cache: The operation cancellation method needs calling in more places 2015-04-02 14:28:53 +01:00
main.c fs/fscache: make ctl_table static 2014-08-06 18:01:12 -07:00
netfs.c FS-Cache: Initialise stores_lock in netfs cookie 2017-01-31 13:23:09 -05:00
object-list.c FS-Cache: fix dereference of NULL user_key_payload 2017-10-12 17:16:40 +01:00
object.c fscache: Fix dead object requeue 2017-01-31 13:23:09 -05:00
operation.c FS-Cache: Retain the netfs context in the retrieval op earlier 2015-04-02 14:28:53 +01:00
page.c mm: remove nr_pages argument from pagevec_lookup{,_range}() 2017-09-06 17:27:27 -07:00
proc.c FS-Cache: Allow the current state of all objects to be dumped 2009-11-19 18:11:04 +00:00
stats.c drop redundant ->owner initializations 2016-05-29 19:08:00 -04:00