
CVE-2016-4470 Patch information

Patch for CVE

The description states:

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

Questions:

  1. Looking at the patch, how do the variables fix the bug?
  2. Does it involve a race condition? An explanation would be extremely helpful, as I am new to C.
  3. How exactly does this patch prevent a DoS condition?

Answer:

  1. Since the root cause of this CVE is that __key_link_begin fails and the variable edit is uninitialized, the way to fix this problem is to detect such a failure of __key_link_begin. From my knowledge, link_ret is the return value of __key_link_begin(); the patch adds one condition (link_ret == 0) to verify whether __key_link_begin fails or not.

  2. I think it should not involve a race condition here. My guess is from the stack trace shown in the patch.

  3. Please refer to the answer to Question 1.
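A user-space model of the pattern the answer describes, added here as an illustration and not taken from the kernel source or the patch. The struct, the `_model` function names, the `-ENOMEM` error value and the `POISON` sentinel standing in for an uninitialized stack pointer are all assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the edit structure; not the kernel's type. */
struct edit_model { int pending; };

/* Sentinel that models the garbage an uninitialized stack pointer holds. */
#define POISON ((struct edit_model *)(uintptr_t)0xdeadbeef)

static struct edit_model the_edit;

/* Models __key_link_begin(): a failure returns an error, leaves *edit unset. */
static int link_begin_model(int fail, struct edit_model **edit)
{
    if (fail)
        return -ENOMEM;         /* error value chosen for illustration */
    the_edit.pending = 1;
    *edit = &the_edit;
    return 0;
}

/* Models the cleanup step; returns 1 when handed the poison pointer. */
static int link_end_model(struct edit_model *edit)
{
    if (edit == POISON)
        return 1;               /* real code would dereference garbage here */
    edit->pending = 0;
    return 0;
}

/* Returns 1 if cleanup consumed an uninitialized pointer, 0 otherwise. */
int reject_and_link_model(int begin_fails, int patched)
{
    struct edit_model *edit = POISON;   /* "declared, never assigned" */
    int link_ret = link_begin_model(begin_fails, &edit);

    /* Unpatched: cleanup always runs. Patched: only if begin succeeded. */
    if (!patched || link_ret == 0)
        return link_end_model(edit);
    return 0;
}

int main(void)
{
    printf("unpatched, begin fails: %d\n", reject_and_link_model(1, 0));
    printf("patched,   begin fails: %d\n", reject_and_link_model(1, 1));
    return 0;
}
```

The model only reports when the cleanup step receives the never-assigned pointer; the `link_ret == 0` guard is what keeps that pointer from reaching cleanup on the failure path.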
