From 4048f12d993e0a89e9dda401224f12a99b701052 Mon Sep 17 00:00:00 2001 From: gc1202 Date: Fri, 30 Dec 2022 11:45:26 +0800 Subject: [PATCH] access_tokenid : fix task cred leak in check_permission_for_set_tokenid ohos inclusion category: bugfix issue: I684DP CVE: NO Signed-off-by: gaochao --------------------------------------- in check_permission_for_set_tokenid() called get_task_cred() without put_cred(), change get_task_cred() to current_uid() to solve this. --- drivers/accesstokenid/access_tokenid.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/drivers/accesstokenid/access_tokenid.c b/drivers/accesstokenid/access_tokenid.c index c83fc114adbd..e7bae802c531 100644 --- a/drivers/accesstokenid/access_tokenid.c +++ b/drivers/accesstokenid/access_tokenid.c @@ -8,7 +8,6 @@ #define pr_fmt(fmt) "access_token_id: " fmt -#include #include #include #include @@ -24,7 +23,7 @@ int access_tokenid_get_tokenid(struct file *file, void __user *uarg) static bool check_permission_for_set_tokenid(struct file *file) { - const struct cred *cred = get_task_cred(current); + kuid_t uid = current_uid(); struct inode *inode = file->f_inode; if (inode == NULL) { @@ -32,8 +31,8 @@ static bool check_permission_for_set_tokenid(struct file *file) return false; } - if (uid_eq(cred->uid, GLOBAL_ROOT_UID) || - uid_eq(cred->uid, inode->i_uid)) { + if (uid_eq(uid, GLOBAL_ROOT_UID) || + uid_eq(uid, inode->i_uid)) { return true; } @@ -58,7 +57,7 @@ static bool check_permission_for_ftokenid(struct file *file) { int i; struct group_info *group_info; - const struct cred *cred = get_task_cred(current); + kuid_t uid = current_uid(); struct inode *inode = file->f_inode; if (inode == NULL) { @@ -66,7 +65,7 @@ static bool check_permission_for_ftokenid(struct file *file) return false; } - if (uid_eq(cred->uid, GLOBAL_ROOT_UID)) + if (uid_eq(uid, GLOBAL_ROOT_UID)) return true; group_info = get_current_groups(); -- Gitee