
CVE-2016-4470 Patch information

Patch for CVE


The description states:

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

Questions:

  1. Looking at the patch, how do the variables fix the bug?
  2. Does it involve a race condition? An explanation would be extremely helpful, as I am new to C.
  3. How exactly does this patch prevent a DoS condition?

  1. Since the root cause of this CVE is that __key_link_begin fails, and the variable edit is uninitialized, the method to fix this problem is to detect such a failure of __key_link_begin. From my knowledge, link_ret is the return value of __key_link_begin(); the patch adds one condition ( link_ret == 0 ) to verify whether __key_link_begin fails or not.

  2. I think it should not involve a race condition here. My guess is from the stack trace shown in the patch.

  3. Please refer to the answer to Question 1.
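
The check described in the answer, as an added example in a simplified userspace C model (not the kernel source and not code from the original post). All `*_model` names, the sentinel and the error value are assumptions; the model assumes the begin step writes `edit` only on success and that the unpatched cleanup ran whenever a keyring was supplied.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; every *_model name is hypothetical, not kernel code. */
struct edit_model { int pending; };
static struct edit_model real_edit;
/* Fixed sentinel standing in for the garbage an uninitialized stack pointer
 * would hold, so the demo is deterministic and has no undefined behaviour. */
static struct edit_model garbage;
static int end_saw_garbage;

/* Assumed contract of the begin step: *edit is written only on success. */
static int link_begin_model(bool fail, struct edit_model **edit)
{
    if (fail)
        return -1;              /* constructed error code */
    *edit = &real_edit;
    real_edit.pending = 1;
    return 0;
}

/* The end step trusts its argument; the model only records a garbage one. */
static void link_end_model(struct edit_model *edit)
{
    if (edit == &garbage)
        end_saw_garbage = 1;    /* in the kernel this is the crash path */
    else
        edit->pending = 0;
}

/* Returns 1 if the cleanup consumed a never-initialized edit pointer. */
static int reject_and_link_model(bool keyring, bool begin_fails, bool patched)
{
    struct edit_model *edit = &garbage;   /* models "declared, never set" */
    int link_ret = 0;
    end_saw_garbage = 0;
    if (keyring)
        link_ret = link_begin_model(begin_fails, &edit);
    /* pre-patch: "if (keyring)"; patched: "if (keyring && link_ret == 0)" */
    if (keyring && (!patched || link_ret == 0))
        link_end_model(edit);
    return end_saw_garbage;
}

int main(void)
{
    printf("unpatched=%d\n", reject_and_link_model(true, true, false));
    printf("patched=%d\n", reject_and_link_model(true, true, true));
    return 0;
}
```

The model is single-threaded: the bad pointer reaches the end step purely because the begin step's return value was ignored, with no concurrent access involved.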
